vhost-user: unregister slave req handler at cleanup time

If the backend sends a request just before closing the socket, the aio dispatcher might schedule its reading after the vhost device has been cleaned, leading to a NULL pointer dereference in slave_read(); vhost_user_cleanup() already closes the socket but it is not enough, the handler has to be unregistered. Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
author: Maxime Coquelin <maxime.coquelin@redhat.com> 2017-06-30 18:04:22 +0200
committer: Michael S. Tsirkin <mst@redhat.com> 2017-07-03 22:29:49 +0300
commit: b9ec9bd468b2c5b218d16642e8f8ea4df60418bb (patch)
tree: 27020a2b06047394cd50696caacbee7ecff40d94 /hw/virtio/vhost-user.c
parent: 384b557da1a44ce260cd0328c06a250507348f73 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 958ee09bcb..2203011125 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -779,6 +779,7 @@ static int vhost_user_cleanup(struct vhost_dev *dev)
 
     u = dev->opaque;
     if (u->slave_fd >= 0) {
+        qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL);
         close(u->slave_fd);
         u->slave_fd = -1;
     }
author	Maxime Coquelin <maxime.coquelin@redhat.com>	2017-06-30 18:04:22 +0200
committer	Michael S. Tsirkin <mst@redhat.com>	2017-07-03 22:29:49 +0300
commit	b9ec9bd468b2c5b218d16642e8f8ea4df60418bb (patch)
tree	27020a2b06047394cd50696caacbee7ecff40d94 /hw/virtio/vhost-user.c
parent	384b557da1a44ce260cd0328c06a250507348f73 (diff)