kvm tools: fix sigsegv in irq__exit

We free the structure, but never remove them from the tree or list, then
we freed them the next time we ran through that structure.

This patch also simplifies irq__exit a bit.

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Pekka Enberg <penberg@kernel.org>

diff --git a/tools/kvm/x86/irq.c b/tools/kvm/x86/irq.c
index dc07f28d22f142212ab6a087d577de7987447450..e83df99e03703d8d3eb46547cfac0b05b3ab98c5 100644 (file)
--- a/tools/kvm/x86/irq.c
+++ b/tools/kvm/x86/irq.c
@@ -179,25 +179,18 @@ int irq__exit(struct kvm *kvm)
 
        free(irq_routing);
 
-       ent = rb_first(&pci_tree);
-       for (;;) {
+       while ((ent = rb_first(&pci_tree))) {
                struct pci_dev *dev;
-               struct rb_node *next;
                struct irq_line *line;
-               struct list_head *node, *tmp;
-
-               if (!ent)
-                       break;
-
-               next = rb_next(ent);
 
                dev = rb_entry(ent, struct pci_dev, node);
-               list_for_each_safe(node, tmp, &dev->lines) {
-                       line = list_entry(node, struct irq_line, node);
+               while (!list_empty(&dev->lines)) {
+                       line = list_first_entry(&dev->lines, struct irq_line, node);
+                       list_del(&line->node);
                        free(line);
                }
+               rb_erase(&dev->node, &pci_tree);
                free(dev);
-               ent = next;
        }
 
        return 0;