From patchwork Mon Jun  8 17:17:15 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Han, Weidong" <weidong.han@intel.com>
X-Patchwork-Id: 28599
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n589IEPh005843
	for <patchwork-kvm@patchwork.kernel.org>; Mon, 8 Jun 2009 09:18:14 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750924AbZFHJRS (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Mon, 8 Jun 2009 05:17:18 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753769AbZFHJRQ
	(ORCPT <rfc822;kvm-outgoing>); Mon, 8 Jun 2009 05:17:16 -0400
Received: from mga14.intel.com ([143.182.124.37]:4374 "EHLO mga14.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753428AbZFHJRO (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 8 Jun 2009 05:17:14 -0400
Received: from azsmga001.ch.intel.com ([10.2.17.19])
	by azsmga102.ch.intel.com with ESMTP; 08 Jun 2009 02:17:16 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="4.41,323,1241420400"; d="scan'208";a="151753341"
Received: from randy-nhm.sh.intel.com (HELO localhost.localdomain)
	([10.239.13.181])
	by azsmga001.ch.intel.com with ESMTP; 08 Jun 2009 02:17:15 -0700
From: Weidong Han <weidong.han@intel.com>
To: avi@redhat.com, paul@codesourcery.com
Cc: kvm@vger.kernel.org, Weidong Han <weidong.han@intel.com>
Subject: [PATCH RFC] qemu: fix hot remove assigned device
Date: Tue,  9 Jun 2009 01:17:15 +0800
Message-Id: <1244481435-17224-1-git-send-email-weidong.han@intel.com>
X-Mailer: git-send-email 1.6.0.4
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

When hot remove an assigned device, segmentation fault was triggered
by qemu_free(&pci_dev->qdev) in pci_unregister_device().
pci_register_device() doesn't initialize or set pci_dev->qdev. For an
assigned device, qdev variable isn't touched at all. So segmentation
fault happens when to free a non-initialized qdev.

Paul,
you introduced the code to free qdev in pci_unregiser_device. Did you
miss something?

Following patch changes the code back to free pci_dev, and fixes the
hot remove issue.

Signed-off-by: Weidong Han <weidong.han@intel.com>
---
 hw/pci.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 25581a4..77d63d8 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -377,7 +377,7 @@ int pci_unregister_device(PCIDevice *pci_dev)
     qemu_free_irqs(pci_dev->irq);
     pci_irq_index--;
     pci_dev->bus->devices[pci_dev->devfn] = NULL;
-    qdev_free(&pci_dev->qdev);
+    qemu_free(pci_dev);
     return 0;
 }