[Qemu-stable] [PATCH] vfio-pci: unparent BAR subregions

[Alex Williamson]

Commit d8d95814609e replaced a number of memory_region_destroy()
calls with object_unparent() calls.  The logic appears to be that
subregions need to be unparented, but the base region is destroyed
with the device object.  Doing hotplug testing with vfio-pci I
occasionally get a segfault from object_finalize_child_property()
due to completely bogus class pointers on the child Object.  Adding
the explicit object_unparent() for these subregions resolves the
problem, however I question the sanity of the Memory API now where
we sometimes need to destroy MemoryRegions, but the rules aren't
clear and there's no longer a memory_region_destroy() function, so
we need to reach over to some other random QEMU API and unparent
an object that we barely know about and certainly didn't explicitly
parent previously.

Signed-off-by: Alex Williamson <address@hidden>
Cc: Paolo Bonzini <address@hidden>
Cc: address@hidden
---

 hw/vfio/pci.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 014a92c..c71499e 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2294,10 +2294,12 @@ static void vfio_unmap_bar(VFIOPCIDevice *vdev, int nr)
 
     memory_region_del_subregion(&bar->region.mem, &bar->region.mmap_mem);
     munmap(bar->region.mmap, memory_region_size(&bar->region.mmap_mem));
+    object_unparent(OBJECT(&bar->region.mmap_mem));
 
     if (vdev->msix && vdev->msix->table_bar == nr) {
         memory_region_del_subregion(&bar->region.mem, &vdev->msix->mmap_mem);
         munmap(vdev->msix->mmap, memory_region_size(&vdev->msix->mmap_mem));
+        object_unparent(OBJECT(&vdev->msix->mmap_mem));
     }
 }