From 3600eec4d18bab55acee98364e3378d542af928a Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 21 May 2012 16:31:53 +0200
Subject: [PATCH] qemu_hotplug: Don't free the PCI device structure after
 hot-unplug

The pciDevice structure corresponding to the device being hot-unplugged
was freed after it was "stolen" from activeList. The pointer was still
used for eg-inactive list. This patch removes the free of the structure
and frees it only if reset fails on the device.
(cherry picked from commit db19417fc012416639c2230e5f19717b84245ce5)
---
 src/qemu/qemu_hotplug.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index a91c7095e6..2720752e03 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2004,13 +2004,16 @@ qemuDomainDetachHostPciDevice(struct qemud_driver *driver,
                        subsys->u.pci.slot,   subsys->u.pci.function);
     if (pci) {
         activePci = pciDeviceListSteal(driver->activePciHostdevs, pci);
-        if (pciResetDevice(activePci, driver->activePciHostdevs,
-                           driver->inactivePciHostdevs) == 0)
+        if (activePci &&
+            pciResetDevice(activePci, driver->activePciHostdevs,
+                           driver->inactivePciHostdevs) == 0) {
             qemuReattachPciDevice(activePci, driver);
-        else
+        } else {
+            /* reset of the device failed, treat it as if it was returned */
+            pciFreeDevice(activePci);
             ret = -1;
+        }
         pciFreeDevice(pci);
-        pciFreeDevice(activePci);
     } else {
         ret = -1;
     }