From b807ca3fa0ca29ec015adcf4045e716337cd3635 Mon Sep 17 00:00:00 2001 From: Anthony PERARD Date: Mon, 8 Mar 2021 14:32:32 +0000 Subject: xen-block: Fix removal of backend instance via xenstore Whenever a Xen block device is detach via xenstore, the image associated with it remained open by the backend QEMU and an error is logged: qemu-system-i386: failed to destroy drive: Node xvdz-qcow2 is in use This happened since object_unparent() doesn't immediately frees the object and thus keep a reference to the node we are trying to free. The reference is hold by the "drive" property and the call xen_block_drive_destroy() fails. In order to fix that, we call drain_call_rcu() to run the callback setup by bus_remove_child() via object_unparent(). Fixes: 2d24a6466154 ("device-core: use RCU for list of children of a bus") Signed-off-by: Anthony PERARD Reviewed-by: Paul Durrant Message-Id: <20210308143232.83388-1-anthony.perard@citrix.com> --- hw/block/xen-block.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c index ac82d54..83754a4 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -972,6 +972,15 @@ static void xen_block_device_destroy(XenBackendInstance *backend, object_unparent(OBJECT(xendev)); + /* + * Drain all pending RCU callbacks as object_unparent() frees `xendev' + * in a RCU callback. + * And due to the property "drive" still existing in `xendev', we + * can't destroy the XenBlockDrive associated with `xendev' with + * xen_block_drive_destroy() below. + */ + drain_call_rcu(); + if (iothread) { xen_block_iothread_destroy(iothread, errp); if (*errp) { -- cgit v1.1