From 9a873c71e91cabf4c10fd9bbd8358c22deaf6c9e Mon Sep 17 00:00:00 2001
From: Chas Williams <3chas3@gmail.com>
Date: Wed, 19 Aug 2015 19:14:20 -0400
Subject: net/xen-netfront: only clean up queues if present

If you simply load and unload the module without starting the interfaces,
the queues are never created and you get a bad pointer dereference.

Signed-off-by: Chas Williams <3chas3@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index f948c46..002062d 100644
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1336,7 +1336,7 @@ static void xennet_disconnect_backend(struct netfront_info *info)
 
 	netif_carrier_off(info->netdev);
 
-	for (i = 0; i < num_queues; ++i) {
+	for (i = 0; i < num_queues && info->queues; ++i) {
 		struct netfront_queue *queue = &info->queues[i];
 
 		if (queue->tx_irq && (queue->tx_irq == queue->rx_irq))
@@ -2101,7 +2101,8 @@ static int xennet_remove(struct xenbus_device *dev)
 
 	unregister_netdev(info->netdev);
 
-	xennet_destroy_queues(info);
+	if (info->queues)
+		xennet_destroy_queues(info);
 	xennet_free_netdev(info->netdev);
 
 	return 0;
-- 
cgit v0.10.2