net/xen-netfront: only clean up queues if present

If you simply load and unload the module without starting the interfaces,
the queues are never created and you get a bad pointer dereference.

Signed-off-by: Chas Williams <3chas3@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index f948c46..002062d 100644 (file)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1336,7 +1336,7 @@ static void xennet_disconnect_backend(struct netfront_info *info)
 
        netif_carrier_off(info->netdev);
 
-       for (i = 0; i < num_queues; ++i) {
+       for (i = 0; i < num_queues && info->queues; ++i) {
                struct netfront_queue *queue = &info->queues[i];
 
                if (queue->tx_irq && (queue->tx_irq == queue->rx_irq))
@@ -2101,7 +2101,8 @@ static int xennet_remove(struct xenbus_device *dev)
 
        unregister_netdev(info->netdev);
 
-       xennet_destroy_queues(info);
+       if (info->queues)
+               xennet_destroy_queues(info);
        xennet_free_netdev(info->netdev);
 
        return 0;