On Thu, 2025-08-21 at 14:26 +0000, Jonah Palmer wrote:
> Makes the net_hub_port_cleanup function idempotent to avoid double
> removals by guarding its QLIST_REMOVE with a flag.
>
> When using a Xen networking device with hubport backends, e.g.:
>
> -accel kvm,xen-version=0x40011
> -netdev hubport,...
> -device xen-net-device,...
>
> the shutdown order starts with net_cleanup, which walks the list and
> deletes netdevs (including hubports). Then Xen's xen_device_unrealize is
> called, which eventually leads to a second net_hub_port_cleanup call,
> resulting in a segfault.
>
> Fixes: e7891c57 ("net: move backend cleanup to NIC cleanup")Tested-by: David Woodhouse <d...@amazon.co.uk> But I hate it. The lifetime of these objects is confusing, and this patch doesn't make it nicer. Why is it OK for the object to be taken off the list while it still exists and is findable by other pointers? What does it *mean* for it to be in that state? Doesn't it have a refcount? Can't it be unlisted *and* freed only when that refcount goes to zero?
smime.p7s
Description: S/MIME cryptographic signature
