Zhenzhong,
On 11/15/24 08:45, Duan, Zhenzhong wrote:
> Hi Cédric,
>
> -----Original Message-----
> From: Cédric Le Goater <c...@redhat.com>
> Sent: Friday, November 15, 2024 2:53 PM
> Subject: [PATCH for-9.2] vfio/container: Fix container object destruction
>
> When commit 96b7af4388b3 introduced a .instance_finalize() handler,
> it did not take into account that the container was not necessarily
> inserted into the container list of the address space. Hence, if
> the container object is destroyed, by calling object_unref() for
> example, before vfio_address_space_insert() is called, QEMU may
> crash when removing the container from the list as done in
> vfio_container_instance_finalize(). This was seen with an SEV-SNP
> guest for which discarding of RAM fails.
>
> To resolve this issue, insert the container object into the address
> space's container list earlier, just after it is created.
>
> It looks like we still have an issue if we create a container and then release it right away?
There is a small window indeed in the sequence. It is not an issue
today because there is no error handling path which would destroy
the object, but it could be changed in the future.
I think we should move the insertion of the container in the container
list of the address space in vfio_create_container() after the call
to VFIO_GROUP_SET_CONTAINER. With the change you proposed below, we
care less.
> If that's true, I would also suggest using QLIST_SAFE_REMOVE for
> QLIST_REMOVE(bcontainer, next) besides this change.
Oh. I was not aware of that version of QLIST_REMOVE. Yes, let's do that
for 9.2.
Thanks,
C.
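As an added illustration of the hazard discussed in this thread (not code from the patch or from QEMU's headers): a simplified re-implementation of the QLIST macros shows why a plain QLIST_REMOVE on a container that was never inserted into the address space's list writes through a NULL le_prev, while QLIST_SAFE_REMOVE is a no-op for an unlinked element and still unlinks a linked one. Container, ContainerList, container_finalize and run_scenario are stand-ins chosen for the example.

```c
#include <stddef.h>
/* Simplified re-implementation of the QLIST macros in QEMU's include/qemu/queue.h,
 * written for this illustration only (not the project's header). */
#define QLIST_HEAD(name, type) struct name { struct type *lh_first; }
#define QLIST_ENTRY(type) struct { struct type *le_next; struct type **le_prev; }
#define QLIST_INIT(head) do { (head)->lh_first = NULL; } while (0)
#define QLIST_INSERT_HEAD(head, elm, field) do {                            \
    if (((elm)->field.le_next = (head)->lh_first) != NULL)                  \
        (head)->lh_first->field.le_prev = &(elm)->field.le_next;            \
    (head)->lh_first = (elm); (elm)->field.le_prev = &(head)->lh_first;     \
} while (0)
/* Plain remove writes through le_prev unconditionally; on an element that was
 * never inserted, le_prev is still NULL and this store is the crash. */
#define QLIST_REMOVE(elm, field) do {                                       \
    if ((elm)->field.le_next != NULL)                                       \
        (elm)->field.le_next->field.le_prev = (elm)->field.le_prev;         \
    *(elm)->field.le_prev = (elm)->field.le_next;                           \
    (elm)->field.le_next = NULL; (elm)->field.le_prev = NULL;               \
} while (0)
/* Safe remove is a no-op for an element that is not currently linked. */
#define QLIST_SAFE_REMOVE(elm, field) \
    do { if ((elm)->field.le_prev != NULL) QLIST_REMOVE(elm, field); } while (0)
#define QLIST_IS_INSERTED(elm, field) ((elm)->field.le_prev != NULL)
typedef struct Container { int id; QLIST_ENTRY(Container) next; } Container;
QLIST_HEAD(ContainerList, Container);  /* stand-in for the address space's list */

/* Stand-in for the .instance_finalize handler: unlink whether or not inserted. */
void container_finalize(Container *c) { QLIST_SAFE_REMOVE(c, next); }
int list_length(const struct ContainerList *l)
{
    int n = 0;
    for (const Container *c = l->lh_first; c != NULL; c = c->next.le_next) n++;
    return n;
}

/* Both paths from the thread. Returns -1 if a plain QLIST_REMOVE on the
 * never-inserted container would not have hit NULL, -2 if the finalized
 * container is still linked, otherwise the number of containers remaining. */
int run_scenario(void)
{
    struct ContainerList space; QLIST_INIT(&space);
    Container early = { .id = 1 };            /* links zeroed: never inserted */
    if (QLIST_IS_INSERTED(&early, next)) return -1;
    container_finalize(&early);               /* safe variant: no-op */
    Container a = { .id = 2 }, b = { .id = 3 };
    QLIST_INSERT_HEAD(&space, &a, next); QLIST_INSERT_HEAD(&space, &b, next);
    container_finalize(&a);                   /* linked, so it really unlinks */
    if (QLIST_IS_INSERTED(&a, next)) return -2;
    return list_length(&space);               /* 1: only b is left */
}
```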