diff options
| author | Cédric Le Goater <clg@redhat.com> | 2024-11-15 09:34:40 +0100 |
|---|---|---|
| committer | Cédric Le Goater <clg@redhat.com> | 2024-11-18 08:40:06 +0100 |
| commit | ebbf7c60bbd1ceedf9faf962e428ceda2388c248 (patch) | |
| tree | 4be9b60740cee33015e4265d1f1a6a509638b795 /module-common.c | |
| parent | 66650fd0cc67e11f84521a114a7cbc8a8a5033ff (diff) | |
| download | qemu-ebbf7c60bbd1ceedf9faf962e428ceda2388c248.zip qemu-ebbf7c60bbd1ceedf9faf962e428ceda2388c248.tar.gz qemu-ebbf7c60bbd1ceedf9faf962e428ceda2388c248.tar.bz2 | |
vfio/container: Fix container object destruction
When commit 96b7af4388b3 intoduced a .instance_finalize() handler,
it did not take into account that the container was not necessarily
inserted into the container list of the address space. Hence, if
the container object is destroyed, by calling object_unref() for
example, before vfio_address_space_insert() is called, QEMU may
crash when removing the container from the list as done in
vfio_container_instance_finalize(). This was seen with an SEV-SNP
guest for which discarding of RAM fails.
To resolve this issue, use the safe version of QLIST_REMOVE().
Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
Cc: Eric Auger <eric.auger@redhat.com>
Fixes: 96b7af4388b3 ("vfio/container: Move vfio_container_destroy() to an instance_finalize() handler")
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Diffstat (limited to 'module-common.c')
0 files changed, 0 insertions, 0 deletions