From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
	Alex Williamson <alex.williamson@redhat.com>,
	"Michael S . Tsirkin" <mst@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: [Qemu-devel] [PATCH 08/12] vhost: Release memory references on cleanup
Date: Tue, 19 Sep 2017 19:45:17 -0500
Message-ID: <20170920004521.9417-9-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20170920004521.9417-1-mdroth@linux.vnet.ibm.com>

From: Alex Williamson <alex.williamson@redhat.com>

vhost registers a MemoryListener where it adds and removes references
to MemoryRegions as the MemoryRegionSections pass through.  The
region_add callback is invoked for each existing section when the
MemoryListener is registered, but unregistering the MemoryListener
performs no reciprocal region_del callback.  It's therefore the
owner of the MemoryListener's responsibility to clean up any persistent
changes, such as these memory references, after unregistering.

The consequence of this bug is that if we have both a vhost device
and a vfio device, the vhost device will reference any mmap'd MMIO of
the vfio device via this MemoryListener.  If the vhost device is then
removed, those references remain outstanding.  If we then attempt to
remove the vfio device, it never gets finalized and the only way to
release the kernel file descriptors is to terminate the QEMU process.

Fixes: dfde4e6e1a86 ("memory: add ref/unref calls")
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org # v1.6.0+
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit ee4c112846a0f2ac4fe5601918b0a2642ac8e2ed)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/virtio/vhost.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 6eddb099b0..b737ca915b 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1356,6 +1356,10 @@ void vhost_dev_cleanup(struct vhost_dev *hdev)
     if (hdev->mem) {
         /* those are only safe after successful init */
         memory_listener_unregister(&hdev->memory_listener);
+        for (i = 0; i < hdev->n_mem_sections; ++i) {
+            MemoryRegionSection *section = &hdev->mem_sections[i];
+            memory_region_unref(section->mr);
+        }
         QLIST_REMOVE(hdev, entry);
     }
     if (hdev->migration_blocker) {
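
Review bot: the new loop in vhost_dev_cleanup() drops the references but leaves hdev->n_mem_sections and hdev->mem_sections as they were, and nothing in the visible context resets them, so any later walk of that array (for example a second cleanup call on the same vhost_dev) would unref the same MemoryRegions twice. Consider setting hdev->n_mem_sections = 0 directly after the loop, or confirm that the remainder of the function clears the structure. The loop also relies on an `i` declared outside this hunk, and a one-line comment stating that memory_listener_unregister() issues no region_del, so the references taken in region_add have to be released here, would keep the reason beside the code instead of only in the commit message; the existing "only safe after successful init" comment explains the guard, not the unref.
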
-- 
2.11.0
