From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alex Williamson <alex.williamson@redhat.com>
Subject: [PATCH] Fix segfault after device assignment hot remove
Date: Thu, 06 May 2010 12:58:12 -0600
Message-ID: <1273172292.2616.72.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
To: KVM list <kvm@vger.kernel.org>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:42996 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753625Ab0EFS6O (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 6 May 2010 14:58:14 -0400
Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o46IwDvX009961
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <kvm@vger.kernel.org>; Thu, 6 May 2010 14:58:14 -0400
Received: from [172.17.72.7] (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o46IwDiR007828
	for <kvm@vger.kernel.org>; Thu, 6 May 2010 14:58:13 -0400
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

We keep a qlist of assigned devices for irq updates, but we forgot to
remove entries from it if they're hot unplugged.  This makes
assigned_dev_update_irqs() a timebomb that goes off when the guest is
rebooted.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---

diff --git a/hw/device-assignment.c b/hw/device-assignment.c
index 1f13a6d..b9cc06f 100644
--- a/hw/device-assignment.c
+++ b/hw/device-assignment.c
@@ -1390,6 +1390,7 @@ static int assigned_exitfn(struct PCIDevice *pci_dev)
 {
     AssignedDevice *dev = DO_UPCAST(AssignedDevice, dev, pci_dev);
 
+    QLIST_REMOVE(dev, next);
     deassign_device(dev);
     free_assigned_device(dev);
     return 0;