From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36045)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1YID43-0001Et-Lh
	for qemu-devel@nongnu.org; Mon, 02 Feb 2015 04:13:04 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1YID3z-0002Pt-EK
	for qemu-devel@nongnu.org; Mon, 02 Feb 2015 04:13:03 -0500
Message-ID: <54CF3F8B.2060503@redhat.com>
Date: Mon, 02 Feb 2015 10:12:43 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <20150201160602.1167.7247.stgit@gimli.home>
In-Reply-To: <20150201160602.1167.7247.stgit@gimli.home>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2] vfio-pci: Fix missing unparent of
 dynamically allocated MemoryRegion
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alex Williamson <alex.williamson@redhat.com>, qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org



On 01/02/2015 17:06, Alex Williamson wrote:
> Commit d8d95814609e added explicit object_unparent() calls for
> dynamically allocated MemoryRegions.  The VFIOMSIXInfo structure also
> contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
> above the MSI-X table.  This structure is freed as part of the class
> exit function and therefore also needs an explicit object_unparent().
> Failing to do this results in random segfaults due to fields within
> the structure, often the class pointer, being reclaimed and corrupted
> by the time object_finalize_child_property() is called for the object.
> 
> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: qemu-stable@nongnu.org
> ---
> 
>  hw/vfio/pci.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 014a92c..29caabc 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -3065,6 +3065,7 @@ static void vfio_put_device(VFIOPCIDevice *vdev)
>  {
>      g_free(vdev->vbasedev.name);
>      if (vdev->msix) {
> +        object_unparent(OBJECT(&vdev->msix->mmap_mem));
>          g_free(vdev->msix);
>          vdev->msix = NULL;
>      }
> 

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

Perhaps specify "# 2.2" on the "Cc: qemu-stable@nongnu.org" line and/or
add a "Fixes: ..." line.

Paolo