* [PATCH] hw/vfio/container: Fix SIGSEV on vfio_container_instance_finalize()
@ 2024-07-19 16:50 Eric Auger
2024-07-20 6:57 ` Cédric Le Goater
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Eric Auger @ 2024-07-19 16:50 UTC (permalink / raw)
To: eric.auger.pro, eric.auger, qemu-devel, qemu-arm, clg,
zhenzhong.duan, alex.williamson
Cc: yanghliu
In vfio_connect_container's error path, the base container is
removed twice from the VFIOAddressSpace QLIST: first on the
listener_release_exit label and second, on free_container_exit
label, through object_unref(container), which calls
vfio_container_instance_finalize().
Let's remove the first instance.
Fixes: 938026053f4 ("vfio/container: Switch to QOM")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
hw/vfio/container.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/hw/vfio/container.c b/hw/vfio/container.c
index 425db1a14c..d8b7c533af 100644
--- a/hw/vfio/container.c
+++ b/hw/vfio/container.c
@@ -657,7 +657,6 @@ static bool vfio_connect_container(VFIOGroup *group, AddressSpace *as,
return true;
listener_release_exit:
QLIST_REMOVE(group, container_next);
- QLIST_REMOVE(bcontainer, next);
vfio_kvm_device_del_group(group);
memory_listener_unregister(&bcontainer->listener);
if (vioc->release) {
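Review bot: the listener_release_exit label now unlinks only the group (QLIST_REMOVE(group, container_next)) and gives no hint that bcontainer is unlinked somewhere else. A one-line comment at the label, saying the base container is removed from the VFIOAddressSpace list by vfio_container_instance_finalize() via object_unref(container) on free_container_exit, would keep a later cleanup from putting the second QLIST_REMOVE back. The subject also spells the signal "SIGSEV"; "SIGSEGV" would make the commit easier to find.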
--
2.41.0
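Why unlinking the same element from an error label and again from a finalizer is fatal, and how a guarded unlink makes the two paths safe to both run, as an added example that is not code from QEMU or from this thread. The list type, `list_remove_once()` and `demo()` are hypothetical names, and clearing the links on removal is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of an intrusive list; all names are hypothetical. */
struct node {
    struct node *next;    /* following element, or NULL */
    struct node **pprev;  /* address of the pointer that points at us */
};
struct list { struct node *first; };

static void list_insert_head(struct list *l, struct node *n)
{
    n->next = l->first;
    if (l->first) {
        l->first->pprev = &n->next;
    }
    l->first = n;
    n->pprev = &l->first;
}

/* Unlink n and clear its links (assumed behaviour of this model).
 * Without the pprev check, a second call would write through a NULL
 * pprev in this model, i.e. crash on the double removal. */
static bool list_remove_once(struct node *n)
{
    if (n->pprev == NULL) {
        return false;               /* already unlinked: do nothing */
    }
    if (n->next) {
        n->next->pprev = n->pprev;
    }
    *n->pprev = n->next;
    n->next = NULL;
    n->pprev = NULL;
    return true;
}

/* Same shape as the bug: the error label unlinks, then the finalizer
 * unlinks again. Returns effective unlinks * 100 + elements left. */
int demo(void)
{
    struct list l = { NULL };
    struct node a = { NULL, NULL }, b = { NULL, NULL };
    int unlinks, left = 0;

    list_insert_head(&l, &a);
    list_insert_head(&l, &b);
    unlinks = list_remove_once(&b);     /* error-path label */
    unlinks += list_remove_once(&b);    /* finalizer on last unref */
    for (struct node *n = l.first; n; n = n->next) left++;
    return unlinks * 100 + left;
}
```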
* Re: [PATCH] hw/vfio/container: Fix SIGSEV on vfio_container_instance_finalize()
From: Cédric Le Goater @ 2024-07-20 6:57 UTC (permalink / raw)
To: Eric Auger, eric.auger.pro, qemu-devel, qemu-arm, zhenzhong.duan,
alex.williamson
Cc: yanghliu
On 7/19/24 18:50, Eric Auger wrote:
> In vfio_connect_container's error path, the base container is
> removed twice from the VFIOAddressSpace QLIST: first on the
> listener_release_exit label and second, on free_container_exit
> label, through object_unref(container), which calls
> vfio_container_instance_finalize().
>
> Let's remove the first instance.
>
> Fixes: 938026053f4 ("vfio/container: Switch to QOM")
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
Oh. Nice catch !
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Thanks,
C.
> ---
> hw/vfio/container.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/vfio/container.c b/hw/vfio/container.c
> index 425db1a14c..d8b7c533af 100644
> --- a/hw/vfio/container.c
> +++ b/hw/vfio/container.c
> @@ -657,7 +657,6 @@ static bool vfio_connect_container(VFIOGroup *group, AddressSpace *as,
> return true;
> listener_release_exit:
> QLIST_REMOVE(group, container_next);
> - QLIST_REMOVE(bcontainer, next);
> vfio_kvm_device_del_group(group);
> memory_listener_unregister(&bcontainer->listener);
> if (vioc->release) {
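Review bot: with the `QLIST_REMOVE(bcontainer, next);` line gone from listener_release_exit, bcontainer stays linked on the address-space list while vfio_kvm_device_del_group(), memory_listener_unregister() and vioc->release run, and is only unlinked later in the finalizer. The commit message should say that nothing on this path walks that list between those calls and object_unref(container); if that cannot be stated, keeping the unlink at this label and guarding the one in vfio_container_instance_finalize() is the safer ordering.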
* RE: [PATCH] hw/vfio/container: Fix SIGSEV on vfio_container_instance_finalize()
From: Duan, Zhenzhong @ 2024-07-22 6:29 UTC (permalink / raw)
To: Eric Auger, eric.auger.pro@gmail.com, qemu-devel@nongnu.org,
qemu-arm@nongnu.org, clg@redhat.com, alex.williamson@redhat.com
Cc: yanghliu@redhat.com
>-----Original Message-----
>From: Eric Auger <eric.auger@redhat.com>
>Subject: [PATCH] hw/vfio/container: Fix SIGSEV on
>vfio_container_instance_finalize()
>
>In vfio_connect_container's error path, the base container is
>removed twice from the VFIOAddressSpace QLIST: first on the
>listener_release_exit label and second, on free_container_exit
>label, through object_unref(container), which calls
>vfio_container_instance_finalize().
>
>Let's remove the first instance.
>
>Fixes: 938026053f4 ("vfio/container: Switch to QOM")
>Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Thanks
Zhenzhong
>---
> hw/vfio/container.c | 1 -
> 1 file changed, 1 deletion(-)
>
>diff --git a/hw/vfio/container.c b/hw/vfio/container.c
>index 425db1a14c..d8b7c533af 100644
>--- a/hw/vfio/container.c
>+++ b/hw/vfio/container.c
>@@ -657,7 +657,6 @@ static bool vfio_connect_container(VFIOGroup
>*group, AddressSpace *as,
> return true;
> listener_release_exit:
> QLIST_REMOVE(group, container_next);
>- QLIST_REMOVE(bcontainer, next);
> vfio_kvm_device_del_group(group);
> memory_listener_unregister(&bcontainer->listener);
> if (vioc->release) {
>--
>2.41.0
* Re: [PATCH] hw/vfio/container: Fix SIGSEV on vfio_container_instance_finalize()
From: Cédric Le Goater @ 2024-07-22 13:50 UTC (permalink / raw)
To: Eric Auger, eric.auger.pro, qemu-devel, qemu-arm, zhenzhong.duan,
alex.williamson
Cc: yanghliu
On 7/19/24 18:50, Eric Auger wrote:
> In vfio_connect_container's error path, the base container is
> removed twice from the VFIOAddressSpace QLIST: first on the
> listener_release_exit label and second, on free_container_exit
> label, through object_unref(container), which calls
> vfio_container_instance_finalize().
>
> Let's remove the first instance.
>
> Fixes: 938026053f4 ("vfio/container: Switch to QOM")
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> ---
> hw/vfio/container.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/vfio/container.c b/hw/vfio/container.c
> index 425db1a14c..d8b7c533af 100644
> --- a/hw/vfio/container.c
> +++ b/hw/vfio/container.c
> @@ -657,7 +657,6 @@ static bool vfio_connect_container(VFIOGroup *group, AddressSpace *as,
> return true;
> listener_release_exit:
> QLIST_REMOVE(group, container_next);
> - QLIST_REMOVE(bcontainer, next);
> vfio_kvm_device_del_group(group);
> memory_listener_unregister(&bcontainer->listener);
> if (vioc->release) {
Applied to vfio-next.
Thanks,
C.