[Qemu-devel] [PATCH 0/3] virtio-balloon: stats vq fixes

[Ladi Prosek]

This is another series that aims to fix issues with the balloon stats
queue, heavily inspired by previous patches posted by Stefan and Roman.

Stefan Hajnoczi (1):
  virtio: add virtqueue_rewind()

Ladi Prosek (2):
  virtio-balloon: discard virtqueue element on reset
  virtio-balloon: fix stats vq migration

The first patch addresses the "inuse leak" issue which was discovered
recently.

The virtqueue_rewind() implementation is reposted verbatim. However,
it is called from the set_status callback, same as in Roman's patch.
Doing it in balloon_stats_poll_cb (Stefan's patch) is potentially
problematic because the guest may push another buffer to the queue
before the timer fires, so we could still leak a virtqueue slot.
Also, we want to call the full-blown virtio_balloon_receive_stats and
not manually reconstruct only some pieces of the state. It is not
necessary to check balloon_stats_supported. Pushing buffers without
negotiating stats support would be a driver bug. The common codepath
does not check it either.