When commit 96b7af4388b3 intoduced a .instance_finalize() handler,
it did not take into account that the container was not necessarily
inserted into the container list of the address space. Hence, if
the container object is destroyed, by calling object_unref() for
example, before vfio_address_space_insert() is called, QEMU may
crash when removing the container from the list as done in
vfio_container_instance_finalize(). This was seen with an SEV-SNP
guest for which discarding of RAM fails.
To resolve this issue, insert the container object into the address
space's container list earlier, just after it is created.
Cc: Zhenzhong Duan <zhenzhong.d...@intel.com>
Cc: Eric Auger <eric.au...@redhat.com>
Fixes: 96b7af4388b3 ("vfio/container: Move vfio_container_destroy() to an
instance_finalize() handler")
Signed-off-by: Cédric Le Goater <c...@redhat.com>
---
hw/vfio/container.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/vfio/container.c b/hw/vfio/container.c
index
9ccdb639ac84f885da40eace8a0059f397295619..b42466701bf13818b538483ec4c143ce6f83c598
100644
--- a/hw/vfio/container.c
+++ b/hw/vfio/container.c
@@ -618,6 +618,8 @@ static bool vfio_connect_container(VFIOGroup *group,
AddressSpace *as,
}
bcontainer = &container->bcontainer;
+ vfio_address_space_insert(space, bcontainer);
+
if (!vfio_cpr_register_container(bcontainer, errp)) {
goto free_container_exit;
}
@@ -637,8 +639,6 @@ static bool vfio_connect_container(VFIOGroup *group,
AddressSpace *as,
vfio_kvm_device_add_group(group);
- vfio_address_space_insert(space, bcontainer);
-
group->container = container;
QLIST_INSERT_HEAD(&container->group_list, group, container_next);
--
2.47.0
