When hot-unplugging a virtio nic with a vhost-net backend, the guest may continue to program the nic even if its peer has been deleted. We cannot set features at this time, as vhost_net_ack_features() may still try to use the tap-related vhost_net structure, which has been freed in tap_cleanup(). And setting offload features for a deleted backend is also meaningless in this situation.
Signed-off-by: Jason Wang <jasow...@redhat.com> --- hw/virtio-net.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/hw/virtio-net.c b/hw/virtio-net.c index 7e1688c..68c8e48 100644 --- a/hw/virtio-net.c +++ b/hw/virtio-net.c @@ -245,6 +245,9 @@ static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features) { VirtIONet *n = to_virtio_net(vdev); + if (n->nic->peer_deleted) + return; + n->mergeable_rx_bufs = !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF)); if (n->has_vnet_hdr) {
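Review bot: the early return in virtio_net_set_features() sits above the `n->mergeable_rx_bufs = !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF));` assignment, so once `n->nic->peer_deleted` is set the device's own mergeable-buffer state is no longer updated from the features the guest writes, even though that assignment does not touch the backend. Consider moving the check below it so that only the backend-dependent part is skipped (the `if (n->has_vnet_hdr)` block and the vhost_net_ack_features() path the commit message names). A one-line comment on the check stating that it guards against use of the vhost_net structure freed in tap_cleanup() would also help, since the reason for the guard is not evident from the code alone.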