qemu-devel.nongnu.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: cornelia.huck@de.ibm.com, qemu-stable@nongnu.org, mst@redhat.com
Subject: [Qemu-devel] [PATCH v3 00/12] virtio: cleanup and fix hot-unplug
Date: Tue, 15 Oct 2013 18:46:38 +0200
Message-ID: <1381855610-6890-1-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1379689080-32396-2-git-send-email-pbonzini@redhat.com>

This series fixes hot-unplug of virtio devices, which can crash due to
dangling pointer accesses.

The current implementation supports guest-initiated hot-unplug via the
virtio_bus_destroy_device function, but not hot-unplugging the virtio
device by virtue of unplugging its parent container device.

The problem is that the callback for the bus implementation to clean up
is placed in the wrong place; it is in virtio_bus_destroy_device, which
should be called by the bus, instead of being somewhere in device code.
We need to have the callback in device code (for example in dc->exit),
so that we invoke it on every unplug action, no matter who starts it.

Thus, the series cleans up plugging and unplugging of virtio devices
so that it does not need any help from the bus (patches 2-5).  It then
stops the virtio devices' overriding of dc->exit, moving their cleanup
code to the new exit callback in VirtioDeviceClass (patches 6-11).
Finally, patch 12 can make virtio-pci implement the device_unplugged
callback.

A similar dangling-pointer bug is exposed by this change in virtio-ccw.
Patch 1 avoids this; it is kept at the beginning to ensure bisectability.

v2->v3: fix to s390 patch; added Reviewed-by and Cced patch 1 to
	qemu-stable.

v1->v2: remove useless pointer chasing in virtio_pci_notify, add
	patch 1 to fix breakage reported by Cornelia.

Paolo Bonzini (12):
  virtio-ccw: move virtio_ccw_stop_ioeventfd to virtio_ccw_busdev_unplug
  virtio-bus: remove vdev field
  virtio-ccw: remove vdev field
  virtio-pci: remove vdev field
  virtio-bus: cleanup plug/unplug interface
  virtio-blk: switch exit callback to VirtioDeviceClass
  virtio-serial: switch exit callback to VirtioDeviceClass
  virtio-net: switch exit callback to VirtioDeviceClass
  virtio-scsi: switch exit callback to VirtioDeviceClass
  virtio-balloon: switch exit callback to VirtioDeviceClass
  virtio-rng: switch exit callback to VirtioDeviceClass
  virtio-pci: add device_unplugged callback

 hw/block/virtio-blk.c           |  10 ++--
 hw/char/virtio-serial-bus.c     |  10 ++--
 hw/net/virtio-net.c             |  11 ++--
 hw/s390x/virtio-ccw.c           |  83 +++++++++++++++------------
 hw/s390x/virtio-ccw.h           |   1 -
 hw/scsi/vhost-scsi.c            |  11 ++--
 hw/scsi/virtio-scsi.c           |  15 +++--
 hw/virtio/virtio-balloon.c      |  10 ++--
 hw/virtio/virtio-bus.c          |  81 ++++++++++++++------------
 hw/virtio/virtio-mmio.c         |   9 +--
 hw/virtio/virtio-pci.c          | 122 ++++++++++++++++++++++++----------------
 hw/virtio/virtio-pci.h          |   1 -
 hw/virtio/virtio-rng.c          |  10 ++--
 hw/virtio/virtio.c              |   7 ++-
 include/hw/virtio/virtio-bus.h  |  22 +++++---
 include/hw/virtio/virtio-scsi.h |   2 +-
 include/hw/virtio/virtio.h      |   1 +
 17 files changed, 227 insertions(+), 179 deletions(-)

-- 
1.8.3.1
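
The cover letter's argument about callback placement can be seen in a toy model. This is an added example, not code from the series or from QEMU; every type and function name in it is hypothetical, and the `alive` flag stands in for freed memory so the stale pointer can be checked safely.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model of the two unplug paths; every name here is hypothetical, not QEMU's. */
typedef struct Device Device;
typedef struct Bus {
    Device *child;          /* device plugged into the bus */
    Device *notify_target;  /* pointer the bus side keeps using after plug */
} Bus;
struct Device {
    Bus *bus;
    int alive;                   /* 0 once torn down (stands in for freed memory) */
    void (*exit_cb)(Device *);   /* runs on every teardown, like dc->exit */
};

static void bus_cleanup(Bus *b) { b->child = NULL; b->notify_target = NULL; }
static void exit_plain(Device *d) { (void)d; }                 /* before the series */
static void exit_tells_bus(Device *d) { bus_cleanup(d->bus); } /* after the series */

/* Teardown shared by every unplug path. */
static void device_teardown(Device *d) { d->exit_cb(d); d->alive = 0; }

/* Guest-initiated unplug goes through the bus. */
static void bus_destroy_device(Bus *b, int cleanup_in_bus) {
    Device *d = b->child;
    if (cleanup_in_bus) bus_cleanup(b);   /* old placement of the callback */
    device_teardown(d);
}
/* Unplugging the parent container tears the child down without the bus path. */
static void parent_unplug(Device *child) { device_teardown(child); }

/* Returns 1 if the bus is left pointing at a dead device. */
int dangling_after_unplug(int fixed, int via_parent) {
    Device d = { .bus = NULL, .alive = 1, .exit_cb = fixed ? exit_tells_bus : exit_plain };
    Bus b = { .child = &d, .notify_target = &d };
    d.bus = &b;
    if (via_parent) parent_unplug(&d);
    else bus_destroy_device(&b, !fixed);
    return b.notify_target == &d && !d.alive;
}

int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++)
        for (int parent = 0; parent <= 1; parent++)
            printf("fixed=%d via_parent=%d dangling=%d\n",
                   fixed, parent, dangling_after_unplug(fixed, parent));
    return 0;
}
```

Only the combination of the old callback placement and a parent-initiated unplug leaves the bus holding a pointer to a dead device.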
