From: Michael S. Tsirkin
Subject: [Qemu-devel] [PULL 11/12] virtio-pci: fix MSI memory region use after free
Date: Mon, 7 Jul 2014 15:40:44 +0300
From: Paolo Bonzini <address@hidden>
After memory region QOMification QEMU is stricter in detecting
wrong usage of the memory region API. Here it detected a
memory_region_destroy done before the corresponding
memory_region_del_subregion; the memory_region_destroy is
done by msix_uninit_exclusive_bar, the memory_region_del_subregion
is done by the PCI core's pci_unregister_io_regions before
pc->exit is called.

The problem was introduced by
commit 06a1307379fcd6c551185ad87679cd7ed896b9ea
virtio-pci: add device_unplugged callback

As noted in that commit log, virtio device kick callbacks need to be
stopped before generic virtio is cleaned up. This is because these are
notifications from pci proxy to the generic virtio device so they need
to be stopped in the unplug call before the virtio device is unrealized.
However, interrupts are notifications from the virtio device to
the pci proxy so they need to stay around while the device
is realized.

The memory API misuse caused an assertion when hot-unplugging virtio
devices. Using the API correctly fixes the assertion.
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/virtio/virtio-pci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 7102728..3007319 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1002,11 +1002,9 @@ static void virtio_pci_device_plugged(DeviceState *d)
static void virtio_pci_device_unplugged(DeviceState *d)
{
- PCIDevice *pci_dev = PCI_DEVICE(d);
VirtIOPCIProxy *proxy = VIRTIO_PCI(d);
virtio_pci_stop_ioeventfd(proxy);
- msix_uninit_exclusive_bar(pci_dev);
}
static int virtio_pci_init(PCIDevice *pci_dev)
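Review bot: with msix_uninit_exclusive_bar(pci_dev) gone, virtio_pci_device_unplugged only stops ioeventfd, and the reasoning in the commit message (kick notifications stop at unplug, interrupt paths stay until exit) lives nowhere in the code; a one-line comment in the hook saying that MSI-X teardown belongs in virtio_pci_exit would stop the next refactor from moving it back. Dropping the now-unused `PCIDevice *pci_dev` local is correct and avoids an unused-variable warning.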
@@ -1023,6 +1021,8 @@ static int virtio_pci_init(PCIDevice *pci_dev)
static void virtio_pci_exit(PCIDevice *pci_dev)
{
VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev);
+
+ msix_uninit_exclusive_bar(pci_dev);
memory_region_destroy(&proxy->bar);
}
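Review bot: the new placement depends on the PCI core running pci_unregister_io_regions (the memory_region_del_subregion) before pc->exit, as the commit message states, so that `msix_uninit_exclusive_bar(pci_dev);` destroys a region that is no longer mapped; a short comment above that call recording this ordering requirement would make the invariant visible at the point where it matters and help anyone later reordering the exit path.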
--
MST
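The ordering rule this fix restores, as an added example that is not QEMU code: a tiny model of a region tree in which destroying a region that is still a subregion, or unmapping one that was already destroyed, is flagged as misuse. The function and structure names are simplified stand-ins for the real memory API; the simulation replays the old (teardown in the unplug hook) and new (teardown in the exit hook) sequences.

```c
/* Added example: a minimal model of the subregion/destroy ordering rule behind
 * this fix. It is NOT QEMU's memory API; names are simplified stand-ins. */
#include <stddef.h>

typedef struct Region {
    const char *name;
    struct Region *parent;   /* non-NULL while mapped as a subregion */
    int destroyed;           /* set once the region has been torn down */
} Region;

/* Counts API misuse the way the QOMified memory API would assert on it. */
static int misuse_count;

static void add_subregion(Region *parent, Region *child)
{
    child->parent = parent;
}

/* Unmapping a subregion that was already destroyed touches freed state. */
static void del_subregion(Region *parent, Region *child)
{
    if (child->destroyed) misuse_count++;          /* use after free */
    if (child->parent == parent) child->parent = NULL;
}

/* Destroying a region that is still mapped is the misuse the fix removes. */
static void destroy_region(Region *r)
{
    if (r->parent != NULL) misuse_count++;
    r->destroyed = 1;
}

/* Models hot-unplug: unplug hook, PCI core unregistering the BARs, then the
 * exit hook. msix_in_unplug selects the pre-fix (1) or post-fix (0) placement
 * of the MSI-X BAR teardown. Returns the number of misuses detected. */
int simulate_unplug(int msix_in_unplug)
{
    Region pci_address_space = { "pci", NULL, 0 };
    Region msix_bar = { "msix-bar", NULL, 0 };
    misuse_count = 0;
    add_subregion(&pci_address_space, &msix_bar);   /* device realize */

    /* virtio_pci_device_unplugged: kick notifications (ioeventfd) stop here */
    if (msix_in_unplug) destroy_region(&msix_bar);  /* old code: too early */

    /* pci_unregister_io_regions: the PCI core unmaps the BARs */
    del_subregion(&pci_address_space, &msix_bar);

    /* pc->exit (virtio_pci_exit): interrupt resources torn down last */
    if (!msix_in_unplug) destroy_region(&msix_bar); /* fixed code */
    return misuse_count;
}
```

The old sequence is flagged twice (destroy while mapped, then unmap of a destroyed region); the fixed sequence is clean.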