From 424dfdfb24dfa6b98c567a5c6585e4a5139ddba8 Mon Sep 17 00:00:00 2001
From: Sasha Levin <levinsasha928@gmail.com>
Date: Wed, 9 May 2012 14:24:45 +0200
Subject: [PATCH] kvm tools: fix sigsegv in irq__exit

We free the structure, but never remove them from the tree or list, then
we freed them the next time we ran through that structure.

This patch also simplifies irq__exit a bit.

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
---
 tools/kvm/x86/irq.c | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/tools/kvm/x86/irq.c b/tools/kvm/x86/irq.c
index dc07f28d22f1..e83df99e0370 100644
--- a/tools/kvm/x86/irq.c
+++ b/tools/kvm/x86/irq.c
@@ -179,25 +179,18 @@ int irq__exit(struct kvm *kvm)
 
 	free(irq_routing);
 
-	ent = rb_first(&pci_tree);
-	for (;;) {
+	while ((ent = rb_first(&pci_tree))) {
 		struct pci_dev *dev;
-		struct rb_node *next;
 		struct irq_line *line;
-		struct list_head *node, *tmp;
-
-		if (!ent)
-			break;
-
-		next = rb_next(ent);
 
 		dev = rb_entry(ent, struct pci_dev, node);
-		list_for_each_safe(node, tmp, &dev->lines) {
-			line = list_entry(node, struct irq_line, node);
+		while (!list_empty(&dev->lines)) {
+			line = list_first_entry(&dev->lines, struct irq_line, node);
+			list_del(&line->node);
 			free(line);
 		}
+		rb_erase(&dev->node, &pci_tree);
 		free(dev);
-		ent = next;
 	}
 
 	return 0;
-- 
2.39.5