On 11/07/2016 13:23, Jason Wang wrote:
>
>
> On 2016年07月11日 17:18, Paolo Bonzini wrote:
>>
>> On 11/07/2016 11:06, Jason Wang wrote:
>>>
>>> On 2016年07月08日 23:27, Paolo Bonzini wrote:
>>>> Otherwise, vhost-user causes a use-after-free.
>>>>
>>>> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
>>>> ---
>>>> vl.c | 6 +++---
>>>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>>>
>>>> diff --git a/vl.c b/vl.c
>>>> index d0b9ff9..005162d 100644
>>>> --- a/vl.c
>>>> +++ b/vl.c
>>>> @@ -4327,9 +4327,6 @@ int main(int argc, char **argv, char **envp)
>>>> qemu_opts_del(icount_opts);
>>>> }
>>>> - /* clean up network at qemu process termination */
>>>> - atexit(&net_cleanup);
>>>> -
>>>> if (default_net) {
>>>> QemuOptsList *net = qemu_find_opts("net");
>>>> qemu_opts_set(net, NULL, "type", "nic", &error_abort);
>>>> @@ -4596,6 +4593,9 @@ int main(int argc, char **argv, char **envp)
>>>> #ifdef CONFIG_TPM
>>>> tpm_cleanup();
>>>> #endif
>>>> +
>>>> + /* vhost-user must be cleaned up before chardevs. */
>>>> + net_cleanup();
>>>> qemu_chr_cleanup();
>>>> return 0;
>>> Patch does not seem to be applied on master. Which tree is this patch
>>> based on?
>> It's applied on top of Marc-André's character device cleanup series.
>
> Ok, but looks like the issue we tried to solve with commit
> f30dbae63a46f23116715dff8d130c7d01ff02be will appear again?
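Review bot: removing `atexit(&net_cleanup);` in the first hunk means net_cleanup() is no longer reached on any path that leaves main() through exit() before the final `return 0`, so the TAP down_script would again not run on those paths, which is the regression Jason points at with commit f30dbae63a46f23116715dff8d130c7d01ff02be. Suggest keeping an exit-time hook for the part of net_cleanup() that must run unconditionally (an exit notifier registered with qemu_add_exit_notifier, as the reply proposes) and leaving only the vhost-user-before-chardev ordering to the explicit call added in the second hunk.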
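Review bot: the comment `/* vhost-user must be cleaned up before chardevs. */` in the second hunk records the ordering but not why it matters; carrying the commit message's reason into it (qemu_chr_cleanup() frees character devices that a vhost-user backend still references, giving a use-after-free) would stop the ordering being undone by a later reshuffle of the shutdown sequence. With the atexit registration gone this is also the only call site of net_cleanup(), so the comment should say that it is intentionally the sole one.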
You're right. :/

Marc-André, I think a possible solution is this:

1) add a Notifier to struct TAPState and register it with qemu_add_exit_notifier. The notifier, when called, invokes the down_script.

2) in tap_cleanup, invoke the down_script and unregister the notifier with qemu_remove_exit_notifier.

Can you implement this?

Paolo
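The two-step scheme proposed above, written out as an added stand-alone C model; this is not code from the thread or from QEMU. The Notifier type, the exit-notifier list and the `model_*` functions are assumed stand-ins for QEMU's `qemu_add_exit_notifier`/`qemu_remove_exit_notifier`, TAPState is reduced to the fields the example needs, and the down script is counted rather than executed. The point it demonstrates is that the down script runs exactly once on both the orderly path (tap_cleanup, then exit) and the early-exit path (exit() before net_cleanup() is reached), because step 2 unregisters the notifier that step 1 installed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for QEMU's Notifier and exit-notifier list (assumption: a
 * minimal singly linked list, not QEMU's include/qemu/notify.h). */
typedef struct Notifier Notifier;
struct Notifier {
    void (*notify)(Notifier *notifier, void *data);
    Notifier *next;
};

static Notifier *exit_notifiers;   /* pending exit notifiers */

/* Models qemu_add_exit_notifier(): push onto the list. */
static void model_add_exit_notifier(Notifier *n)
{
    n->next = exit_notifiers;
    exit_notifiers = n;
}

/* Models qemu_remove_exit_notifier(): unlink if present, no-op otherwise. */
static void model_remove_exit_notifier(Notifier *n)
{
    for (Notifier **pp = &exit_notifiers; *pp != NULL; pp = &(*pp)->next) {
        if (*pp == n) {
            *pp = n->next;
            n->next = NULL;
            return;
        }
    }
}

/* Models process exit: run every still-registered notifier exactly once. */
static void model_run_exit_notifiers(void)
{
    while (exit_notifiers != NULL) {
        Notifier *n = exit_notifiers;
        exit_notifiers = n->next;
        n->next = NULL;
        n->notify(n, NULL);
    }
}

/* Reduced TAPState: only the fields this example needs (assumption). */
typedef struct TAPState {
    char down_script[64];      /* "" means no down script configured */
    int down_script_runs;      /* how many times the down script was invoked */
    Notifier exit_notifier;    /* the notifier from step 1 of the proposal */
} TAPState;

/* Stand-in for launching the down script: counts instead of exec'ing. */
static void tap_invoke_down_script(TAPState *s)
{
    if (s->down_script[0] != '\0') {
        s->down_script_runs++;
    }
}

/* Step 1: the callback recovers its TAPState from the embedded member. */
static void tap_exit_notify(Notifier *n, void *data)
{
    TAPState *s = (TAPState *)((char *)n - offsetof(TAPState, exit_notifier));
    (void)data;
    tap_invoke_down_script(s);
}

static void tap_init(TAPState *s, const char *down_script)
{
    memset(s, 0, sizeof(*s));
    snprintf(s->down_script, sizeof(s->down_script), "%s", down_script);
    s->exit_notifier.notify = tap_exit_notify;
    model_add_exit_notifier(&s->exit_notifier);
}

/* Step 2: run the script and unregister, so a later exit does not rerun it. */
static void tap_cleanup(TAPState *s)
{
    tap_invoke_down_script(s);
    model_remove_exit_notifier(&s->exit_notifier);
}

/* Orderly shutdown: tap_cleanup() then exit. Returns the run count (1). */
int scenario_orderly_shutdown(void)
{
    TAPState s;
    tap_init(&s, "/etc/qemu-ifdown");   /* constructed path */
    tap_cleanup(&s);
    model_run_exit_notifiers();
    return s.down_script_runs;
}

/* exit() before net_cleanup() is reached: only the notifier fires (1). */
int scenario_early_exit(void)
{
    TAPState s;
    tap_init(&s, "/etc/qemu-ifdown");
    model_run_exit_notifiers();
    return s.down_script_runs;
}

/* No down script configured: nothing runs on either path (0). */
int scenario_no_down_script(void)
{
    TAPState s;
    tap_init(&s, "");
    tap_cleanup(&s);
    model_run_exit_notifiers();
    return s.down_script_runs;
}

int main(void)
{
    printf("orderly shutdown: %d run(s)\n", scenario_orderly_shutdown());
    printf("early exit:       %d run(s)\n", scenario_early_exit());
    printf("no down script:   %d run(s)\n", scenario_no_down_script());
    return 0;
}
```

The unregister in tap_cleanup is what keeps the two paths from overlapping: without it, an orderly shutdown would run the down script from tap_cleanup and then again from the exit notifier.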