From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark McLoughlin <markmc@redhat.com>
Subject: Re: [PATCH 4/4] [v2] kvm: qemu: Assign irq in init_assigned_device
Date: Wed, 10 Dec 2008 13:27:33 +0000
Message-ID: <1228915653.5384.50.camel@blaa>
References: <715D42877B251141A38726ABF5CABF2C018BF9AD4A@pdsmsx503.ccr.corp.intel.com>
Reply-To: Mark McLoughlin <markmc@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: "'Avi Kivity'" <avi@redhat.com>,
	"'kvm@vger.kernel.org'" <kvm@vger.kernel.org>
To: "Han, Weidong" <weidong.han@intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx2.redhat.com ([66.187.237.31]:48375 "EHLO mx2.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752198AbYLJN27 (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 10 Dec 2008 08:28:59 -0500
In-Reply-To: <715D42877B251141A38726ABF5CABF2C018BF9AD4A@pdsmsx503.ccr.corp.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Wed, 2008-12-10 at 21:23 +0800, Han, Weidong wrote:
> diff --git a/qemu/hw/device-assignment.c b/qemu/hw/device-assignment.c
> index 03a52e6..160f001 100644
> --- a/qemu/hw/device-assignment.c
> +++ b/qemu/hw/device-assignment.c
> @@ -499,40 +561,13 @@ void assigned_dev_update_irqs()
>  
>      adev = LIST_FIRST(&adev_head);
>      while (adev) {
> -        AssignedDevInfo *next = LIST_NEXT(adev, next);
...
> +        r = assign_irq(adev);
> +        if (r < 0)
> +            free_assigned_device(adev);
...
> -        adev = next;
> +        adev = LIST_NEXT(adev, next);
>      }
>  }

You're introducing the "use after free" issue here again.

Cheers,
Mark.