[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-9.1.2 68/72] vfio/container: Fix container object destruction
|
From: |
Michael Tokarev |
|
Subject: |
[Stable-9.1.2 68/72] vfio/container: Fix container object destruction |
|
Date: |
Tue, 19 Nov 2024 09:04:09 +0300 |
From: Cédric Le Goater <clg@redhat.com>
When commit 96b7af4388b3 intoduced a .instance_finalize() handler,
it did not take into account that the container was not necessarily
inserted into the container list of the address space. Hence, if
the container object is destroyed, by calling object_unref() for
example, before vfio_address_space_insert() is called, QEMU may
crash when removing the container from the list as done in
vfio_container_instance_finalize(). This was seen with an SEV-SNP
guest for which discarding of RAM fails.
To resolve this issue, use the safe version of QLIST_REMOVE().
Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
Cc: Eric Auger <eric.auger@redhat.com>
Fixes: 96b7af4388b3 ("vfio/container: Move vfio_container_destroy() to an
instance_finalize() handler")
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit ebbf7c60bbd1ceedf9faf962e428ceda2388c248)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/vfio/container-base.c b/hw/vfio/container-base.c
index 809b157674..6f86c37d97 100644
--- a/hw/vfio/container-base.c
+++ b/hw/vfio/container-base.c
@@ -103,7 +103,7 @@ static void vfio_container_instance_finalize(Object *obj)
VFIOContainerBase *bcontainer = VFIO_IOMMU(obj);
VFIOGuestIOMMU *giommu, *tmp;
- QLIST_REMOVE(bcontainer, next);
+ QLIST_SAFE_REMOVE(bcontainer, next);
QLIST_FOREACH_SAFE(giommu, &bcontainer->giommu_list, giommu_next, tmp) {
memory_region_unregister_iommu_notifier(
--
2.39.5
- [Stable-9.1.2 59/72] hw/i386/pc: Don't try to init PCI NICs if there is no PCI bus, (continued)
- [Stable-9.1.2 59/72] hw/i386/pc: Don't try to init PCI NICs if there is no PCI bus, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 58/72] target/i386: Fix legacy page table walk, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 60/72] linux-user: Fix setreuid and setregid to use direct syscalls, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 61/72] target/arm: Drop user-only special case in sve_stN_r, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 63/72] linux-user: Tolerate CONFIG_LSM_MMAP_MIN_ADDR, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 62/72] accel/tcg: Fix user-only probe_access_internal plugin check, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 65/72] linux-user/arm: Select vdso for be8 and be32 modes, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 66/72] tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc(), Michael Tokarev, 2024/11/19
- [Stable-9.1.2 64/72] linux-user/arm: Reduce vdso alignment to 4k, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 67/72] target/i386: fix hang when using slow path for ptw_setl, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 68/72] vfio/container: Fix container object destruction,
Michael Tokarev <=
- [Stable-9.1.2 69/72] hw/misc/mos6522: Fix bad class definition of the MOS6522 device, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 70/72] Revert "hw/audio/hda: fix memory leak on audio setup", Michael Tokarev, 2024/11/19
- [Stable-9.1.2 71/72] hw/audio/hda: fix memory leak on audio setup, Michael Tokarev, 2024/11/19
- [Stable-9.1.2 72/72] usb-hub: Fix handling port power control messages, Michael Tokarev, 2024/11/19