From: Paolo Bonzini <[email protected]>

SCRIPTS execution can trigger PCI device unplug and consequently a use-after-free after the unplug returns. Avoid this by keeping the device alive.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3090 Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]> (cherry picked from commit 4862d2c95104d9fd0430cc003c205094f8ada1f9) Signed-off-by: Michael Tokarev <[email protected]> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 6689ebba25..bf58212fb1 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1163,6 +1163,7 @@ static void lsi_execute_script(LSIState *s) s->waiting = LSI_NOWAIT; } + object_ref(s); reentrancy_level++; s->istat1 |= LSI_ISTAT1_SRUN; @@ -1182,6 +1183,7 @@ again: s->waiting = LSI_WAIT_SCRIPTS; lsi_scripts_timer_start(s); reentrancy_level--; + object_unref(s); return; } insn = read_dword(s, s->dsp); @@ -1630,6 +1632,7 @@ again: trace_lsi_execute_script_stop(); reentrancy_level--; + object_unref(s); } static uint8_t lsi_reg_readb(LSIState *s, int offset) -- 2.47.3
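Review bot: in the first hunk the `object_ref(s)` sits after the reentrancy guard that resets `s->waiting = LSI_NOWAIT` and directly before `reentrancy_level++`, so the reference is held for exactly the span in which the level is elevated; that pairing is the invariant the two later `object_unref(s)` calls depend on, and it deserves a one-line comment at the `object_ref(s)` site (for example "keep the device alive: a script can trigger PCI unplug of this device") because the commit message is currently the only place that rationale lives. Please also confirm there is no other `return` between the increment and the final decrement, since any exit not covered by the two unref hunks would now leak a reference and keep the device alive indefinitely.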
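Review bot: in the second hunk (the `LSI_WAIT_SCRIPTS` exit) the `object_unref(s)` is correctly the last statement before `return;`, and the order `reentrancy_level--` then `object_unref(s)` is the right one, because the unref may be what actually frees `s` once the script has already unplugged the device, and nothing reached through `s` may be touched after it. One thing to check: `lsi_scripts_timer_start(s)` is armed a few lines earlier, so if this unref drops the last reference the timer will later fire on a freed device unless the timer is deleted on unrealize or takes its own reference; the hunk does not show which, so a sentence in the commit message stating how that case is handled would help.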
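Review bot: in the third hunk (normal end of `lsi_execute_script`) the `object_unref(s)` follows `reentrancy_level--` and is followed only by the closing brace, which is the required placement since `s` may no longer be valid after the unref; `trace_lsi_execute_script_stop()` before it takes no device pointer, so it is unaffected. Because this site and the `LSI_WAIT_SCRIPTS` site must both stay balanced against the single `object_ref(s)`, consider noting that in a comment at this unref so that a future early `return` added inside the `again:` loop is not overlooked.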
