[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] vfio-pci: Fix missing unparent of dynamicall
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH v2] vfio-pci: Fix missing unparent of dynamically allocated MemoryRegion |
|
Date: |
Mon, 02 Feb 2015 10:12:43 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
On 01/02/2015 17:06, Alex Williamson wrote:
> Commit d8d95814609e added explicit object_unparent() calls for
> dynamically allocated MemoryRegions. The VFIOMSIXInfo structure also
> contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
> above the MSI-X table. This structure is freed as part of the class
> exit function and therefore also needs an explicit object_unparent().
> Failing to do this results in random segfaults due to fields within
> the structure, often the class pointer, being reclaimed and corrupted
> by the time object_finalize_child_property() is called for the object.
>
> Signed-off-by: Alex Williamson <address@hidden>
> Cc: Paolo Bonzini <address@hidden>
> Cc: address@hidden
> ---
>
> hw/vfio/pci.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 014a92c..29caabc 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -3065,6 +3065,7 @@ static void vfio_put_device(VFIOPCIDevice *vdev)
> {
> g_free(vdev->vbasedev.name);
> if (vdev->msix) {
> + object_unparent(OBJECT(&vdev->msix->mmap_mem));
> g_free(vdev->msix);
> vdev->msix = NULL;
> }
>
Reviewed-by: Paolo Bonzini <address@hidden>
Perhaps specify "# 2.2" on the "Cc: address@hidden" line and/or
add a "Fixes: ..." line.
Paolo