From: Gerd Hoffmann <kraxel@redhat.com>
To: Hans de Goede <hdegoede@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 17/18] usb: move cancel callback to USBDeviceInfo
Date: Mon, 23 May 2011 16:34:27 +0200 [thread overview]
Message-ID: <4DDA7073.2060702@redhat.com> (raw)
In-Reply-To: <4DDA6966.7050307@redhat.com>
Hi,
> The problem is that the USBDevice lifetime may be shorter then the
> USBPacket lifetime, USBPackets are created by uhci.c (for example),
> where as the device is managed from the monitor (for example), doing
> a usb_del in the monitor using the guest bus:addr will call
> usb_device_delete_addr, which will call qdev_free. At this time the
> USBDevice struct is gone, and at a later time the uhci code will
> cancel any still outstanding async packets, who's owner pointer will
> now point to free-ed memory.
Good spotting, this is indeed a issue which needs fixing. It isn't
introduced by this patch though, it exists even without the usb patch queue.
usb-msd.c passes a USBDevice pointer directly as opaque. The
usb-linux.c callback function assumes it can dereference aurb->hdev just
fine. Both will hit free'ed memory in case the device is unplugged
while a async packet is in flight.
cheers,
Gerd
next prev parent reply other threads:[~2011-05-23 14:34 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-23 9:43 [Qemu-devel] [PULL] usb patch queue: initial usb 2.0 support Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 01/18] usb: Add Interface Association Descriptor descriptor type Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 02/18] usb: update config descriptors to identify number of interfaces Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 03/18] usb: remove fallback to bNumInterfaces if no .nif Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 04/18] usb: add support for "grouped" interfaces and the Interface Association Descriptor Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 05/18] Bug #757654: UHCI fails to signal stall response patch Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 06/18] usb: Pass the packet to the device's handle_control callback Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 07/18] usb-linux: use usb_generic_handle_packet() Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 08/18] usb-linux: fix device path aka physical port handling Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 09/18] usb-linux: add hostport property Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 10/18] usb-linux: track aurbs in list Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 11/18] usb-linux: walk async urb list in cancel Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 12/18] usb-linux: split large xfers Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 13/18] usb-linux: fix max_packet_size for highspeed Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 14/18] usb-storage: don't call usb_packet_complete twice Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 15/18] usb: add usb_handle_packet Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 16/18] usb: keep track of packet owner Gerd Hoffmann
2011-05-23 9:43 ` [Qemu-devel] [PATCH 17/18] usb: move cancel callback to USBDeviceInfo Gerd Hoffmann
2011-05-23 14:04 ` Hans de Goede
2011-05-23 14:34 ` Gerd Hoffmann [this message]
2011-05-23 14:53 ` Gerd Hoffmann
2011-05-23 17:31 ` Hans de Goede
2011-05-23 17:30 ` Hans de Goede
2011-05-23 9:43 ` [Qemu-devel] [PATCH 18/18] usb: add ehci adapter Gerd Hoffmann
2011-05-23 19:25 ` Blue Swirl
2011-05-24 15:45 ` Erik Rull
2011-05-26 10:13 ` [Qemu-devel] [PULL] usb patch queue: initial usb 2.0 support Gerd Hoffmann
2011-05-31 13:37 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DDA7073.2060702@redhat.com \
--to=kraxel@redhat.com \
--cc=hdegoede@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.