From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37044)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WsqpU-0007eD-Fk
	for qemu-devel@nongnu.org; Fri, 06 Jun 2014 05:53:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WsqpO-0003jF-QO
	for qemu-devel@nongnu.org; Fri, 06 Jun 2014 05:52:56 -0400
Received: from mail-qa0-x235.google.com ([2607:f8b0:400d:c00::235]:45917)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1WsqpO-0003j4-Ds
	for qemu-devel@nongnu.org; Fri, 06 Jun 2014 05:52:50 -0400
Received: by mail-qa0-f53.google.com with SMTP id k15so3026631qaq.40
	for <qemu-devel@nongnu.org>; Fri, 06 Jun 2014 02:52:50 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <53918F6E.1020406@redhat.com>
Date: Fri, 06 Jun 2014 11:52:46 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <CAJSP0QXUsWO1R1pFfiiDNS-gitK=0ufTxvFG7=BKkGTc00c7dA@mail.gmail.com>	<20140605161803.GB11292@redhat.com>
	<CAJSP0QWy_xg00mN8bLr_VR71HFB=+RV2KK2+B5zScBn9pM-POQ@mail.gmail.com>
In-Reply-To: <CAJSP0QWy_xg00mN8bLr_VR71HFB=+RV2KK2+B5zScBn9pM-POQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [Qemu-devel] Use-after-free during unrealize in system_reset
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Hajnoczi <stefanha@gmail.com>, "Michael S. Tsirkin" <mst@redhat.com>
Cc: bsd@redhat.com, qemu-devel <qemu-devel@nongnu.org>, =?UTF-8?B?QW5kcmVh?= =?UTF-8?B?cyBGw6RyYmVy?= <afaerber@suse.de>

Il 06/06/2014 11:03, Stefan Hajnoczi ha scritto:
> commit 5c21ce77d7e5643089ceec556c0408445d017f32
> Author: Bandan Das <bsd@redhat.com>
> Date:   Wed Mar 12 21:02:12 2014 +0100
>
>     qdev: Realize buses on device realization
>
>     Integrate (un)realization of child buses with realization/unrealization
>     of the device hosting them. Code in device_unparent() is reordered for
>     unrealization of buses to work as part of device unrealization.
>
>     That way no changes need to be made to bus instantiation.
>
>     Signed-off-by: Bandan Das <bsd@redhat.com>
>     Signed-off-by: Andreas Färber <afaerber@suse.de>

This hunk seems wrong.  Bandan, what was the reason for it?


@@ -841,13 +858,13 @@ static void device_unparent(Object *obj)
      QObject *event_data;
      bool have_realized = dev->realized;

+    if (dev->realized) {
+        object_property_set_bool(obj, false, "realized", NULL);
+    }
      while (dev->num_child_bus) {
          bus = QLIST_FIRST(&dev->child_bus);
          object_unparent(OBJECT(bus));
      }
-    if (dev->realized) {
-        object_property_set_bool(obj, false, "realized", NULL);
-    }
      if (dev->parent_bus) {
          bus_remove_child(dev->parent_bus, dev);
          object_unref(OBJECT(dev->parent_bus));



Paolo