usb: fix usb_qdev_init() error handling again

Commit f462141f introduced clean up code when usb_qdev_init() fails. Unfortunately it calls .handle_destroy() when .init() was never invoked or failed. This can lead to crashes when .handle_destroy() tries to clean up things that were never initialized. This patch is careful to undo only those steps that completed along the usb_qdev_init() code path. It's not as pretty as the unified error handling in f462141f but it's necessary. Signed-off-by: N Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

usb: fix usb_qdev_init() error handling again
Commit f462141f introduced clean up code when usb_qdev_init() fails. Unfortunately it calls .handle_destroy() when .init() was never invoked or failed. This can lead to crashes when .handle_destroy() tries to clean up things that were never initialized. This patch is careful to undo only those steps that completed along the usb_qdev_init() code path. It's not as pretty as the unified error handling in f462141f but it's necessary. Signed-off-by: N Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
db3a5ed7 · Stefan Hajnoczi · Anthony Liguori · 56384e8b · db3a5ed7
隐藏空白更改
内联并排

Showing with 5 addition and 7 deletion

hw/usb-bus.c hw/usb-bus.c +5 -7

未找到文件。
--- a/hw/usb-bus.c
+++ b/hw/usb-bus.c
@@ -77,23 +77,21 @@ static int usb_qdev_init(DeviceState *qdev, DeviceInfo *base)
    QLIST_INIT(&dev->strings);
    rc = usb_claim_port(dev);
    if (rc != 0) {
-        goto err;
+        return rc;
    }
    rc = dev->info->init(dev);
    if (rc != 0) {
-        goto err;
+        usb_release_port(dev);
+        return rc;
    }
    if (dev->auto_attach) {
        rc = usb_device_attach(dev);
        if (rc != 0) {
-            goto err;
+            usb_qdev_exit(qdev);
+            return rc;
        }
    }
    return 0;
-
-err:
-    usb_qdev_exit(qdev);
-    return rc;
 }

 static int usb_qdev_exit(DeviceState *qdev)