|
 |
9bac43 |
From f221643835f73976adf07ebe355176b09decb558 Mon Sep 17 00:00:00 2001
|
|
|
9bac43 |
From: Alex Williamson <alex.williamson@redhat.com>
|
|
|
9bac43 |
Date: Mon, 11 Sep 2017 20:43:08 +0200
|
|
|
9bac43 |
Subject: [PATCH 01/34] vhost: Release memory references on cleanup
|
|
|
9bac43 |
|
|
|
9bac43 |
RH-Author: Alex Williamson <alex.williamson@redhat.com>
|
|
|
9bac43 |
Message-id: <20170911204254.12489.22036.stgit@redhat.home>
|
|
|
9bac43 |
Patchwork-id: 76307
|
|
|
9bac43 |
O-Subject: [RHEL-7.5 qemu-kvm-rhev PATCH 1/1] vhost: Release memory references on cleanup
|
|
|
9bac43 |
Bugzilla: 1489670
|
|
|
9bac43 |
RH-Acked-by: John Snow <jsnow@redhat.com>
|
|
|
9bac43 |
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
9bac43 |
RH-Acked-by: Auger Eric <eric.auger@redhat.com>
|
|
|
9bac43 |
|
|
|
9bac43 |
vhost registers a MemoryListener where it adds and removes references
|
|
|
9bac43 |
to MemoryRegions as the MemoryRegionSections pass through. The
|
|
|
9bac43 |
region_add callback is invoked for each existing section when the
|
|
|
9bac43 |
MemoryListener is registered, but unregistering the MemoryListener
|
|
|
9bac43 |
performs no reciprocal region_del callback. It's therefore the
|
|
|
9bac43 |
owner of the MemoryListener's responsibility to cleanup any persistent
|
|
|
9bac43 |
changes, such as these memory references, after unregistering.
|
|
|
9bac43 |
|
|
|
9bac43 |
The consequence of this bug is that if we have both a vhost device
|
|
|
9bac43 |
and a vfio device, the vhost device will reference any mmap'd MMIO of
|
|
|
9bac43 |
the vfio device via this MemoryListener. If the vhost device is then
|
|
|
9bac43 |
removed, those references remain outstanding. If we then attempt to
|
|
|
9bac43 |
remove the vfio device, it never gets finalized and the only way to
|
|
|
9bac43 |
release the kernel file descriptors is to terminate the QEMU process.
|
|
|
9bac43 |
|
|
|
9bac43 |
Fixes: dfde4e6e1a86 ("memory: add ref/unref calls")
|
|
|
9bac43 |
Cc: Michael S. Tsirkin <mst@redhat.com>
|
|
|
9bac43 |
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
9bac43 |
Cc: qemu-stable@nongnu.org # v1.6.0+
|
|
|
9bac43 |
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
|
|
|
9bac43 |
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
|
|
9bac43 |
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
|
9bac43 |
(cherry picked from commit ee4c112846a0f2ac4fe5601918b0a2642ac8e2ed)
|
|
|
9bac43 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
9bac43 |
---
|
|
|
9bac43 |
hw/virtio/vhost.c | 4 ++++
|
|
|
9bac43 |
1 file changed, 4 insertions(+)
|
|
|
9bac43 |
|
|
|
9bac43 |
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
|
|
|
9bac43 |
index 6eddb09..b737ca9 100644
|
|
|
9bac43 |
--- a/hw/virtio/vhost.c
|
|
|
9bac43 |
+++ b/hw/virtio/vhost.c
|
|
|
9bac43 |
@@ -1356,6 +1356,10 @@ void vhost_dev_cleanup(struct vhost_dev *hdev)
|
|
|
9bac43 |
if (hdev->mem) {
|
|
|
9bac43 |
/* those are only safe after successful init */
|
|
|
9bac43 |
memory_listener_unregister(&hdev->memory_listener);
|
|
|
9bac43 |
+ for (i = 0; i < hdev->n_mem_sections; ++i) {
|
|
|
9bac43 |
+ MemoryRegionSection *section = &hdev->mem_sections[i];
|
|
|
9bac43 |
+ memory_region_unref(section->mr);
|
|
|
9bac43 |
+ }
|
|
|
9bac43 |
QLIST_REMOVE(hdev, entry);
|
|
|
9bac43 |
}
|
|
|
9bac43 |
if (hdev->migration_blocker) {
|
|
|
9bac43 |
--
|
|
|
9bac43 |
1.8.3.1
|
|
|
9bac43 |
|