On 29/11/2013 11:17, Paolo Bonzini wrote:
> This series fixes hot-unplug of virtio devices, which can crash due to
> dangling pointer accesses.
>
> The current implementation supports guest-initiated hot-unplug via the
> virtio_bus_destroy_device function, but not hot-unplugging the virtio
> device by virtue of unplugging its parent container device.
>
> The problem is that the callback for the bus implementation to cleanup
> is placed in the wrong place; it is in virtio_bus_destroy_device, which
> should be called by the bus, instead of being somewhere in device code.
> We need to have the callback in device code (for example in dc->exit),
> so that we invoke it on every unplug action, no matter who starts it.
>
> Thus, the series cleans up plugging and unplugging of virtio devices
> so that it does not need any help from the bus (patches 2-5). It then
> stops the virtio devices' overriding of dc->exit, moving their cleanup
> code to the new exit callback in VirtioDeviceClass (patches 6-11).
> Finally, patch 12 can make virtio-pci implement the device_unplugged
> callback.
>
> A similar dangling-pointer bug is exposed by this change in virtio-ccw.
> Patch 1 avoids this; it is kept at the beginning to ensure bisectability.
>
> Patches 13-30 are Andreas's conversion of virtio to realize/unrealize,
> which has better error propagation as shown by the small testcase fix.
Conny, I pushed this to github at git://github.com/bonzini/qemu.git,
branch refs/heads/virtio. It would be great if you can give it a test
in case I screwed up a rebase.

Paolo
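The design point in the quoted cover letter (bus-side cleanup only ran on the guest-initiated path, so a parent-container unplug left the bus holding a pointer to a freed device) can be shown with a small model. This is an added illustration, not QEMU code: VirtioBus, VirtioDevice, the exit pointer standing in for dc->exit, device_unplugged and qdev_unplug are simplified stand-ins for the real structures and callbacks, and the two "layouts" are an assumption about the before/after shape of the series rather than a copy of it.

```c
/* Toy model of the virtio unplug paths discussed in the thread.
 * Added example, not QEMU code; all names are simplified stand-ins. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct VirtioBus VirtioBus;
typedef struct VirtioDevice VirtioDevice;

struct VirtioBus {
    VirtioDevice *vdev;                        /* may be left dangling */
    void (*device_unplugged)(VirtioBus *bus);  /* bus-side cleanup hook */
};

struct VirtioDevice {
    VirtioBus *bus;
    void (*exit)(VirtioDevice *vdev);          /* stands in for dc->exit */
};

/* Bus-side cleanup: forget the device that is going away. */
static void bus_device_unplugged(VirtioBus *bus) { bus->vdev = NULL; }

/* Old layout: dc->exit tears down device state only; the bus is not told. */
static void vdev_exit_old(VirtioDevice *vdev) { (void)vdev; }

/* New layout: dc->exit also invokes the bus callback, so bus cleanup runs on
 * every unplug path no matter who starts it. */
static void vdev_exit_new(VirtioDevice *vdev)
{
    if (vdev->bus && vdev->bus->device_unplugged)
        vdev->bus->device_unplugged(vdev->bus);
}

/* Old guest-initiated path: only here did the bus clear its pointer. */
static void virtio_bus_destroy_device(VirtioDevice *vdev)
{
    vdev->bus->vdev = NULL;
    vdev->exit(vdev);
}

/* Generic qdev-style unplug, which is also what unplugging a parent container
 * does to its children: run dc->exit, then the object is freed. */
static void qdev_unplug(VirtioDevice *vdev) { vdev->exit(vdev); }

static VirtioDevice *plug(VirtioBus *bus, bool fixed)
{
    VirtioDevice *vdev = calloc(1, sizeof *vdev);
    if (!vdev)
        abort();
    vdev->bus = bus;
    vdev->exit = fixed ? vdev_exit_new : vdev_exit_old;
    bus->vdev = vdev;
    return vdev;
}

/* Plug one device, unplug it along one path, and report whether the bus still
 * points at the device that is about to be freed. With the old layout only the
 * guest-initiated path is safe; with the new layout both paths are. */
bool bus_dangles_after(bool fixed, bool guest_initiated)
{
    VirtioBus bus = { .vdev = NULL, .device_unplugged = bus_device_unplugged };
    VirtioDevice *vdev = plug(&bus, fixed);

    if (guest_initiated && !fixed)
        virtio_bus_destroy_device(vdev);   /* old bus-driven path */
    else
        qdev_unplug(vdev);                 /* parent unplug, or any unplug once fixed */

    bool dangling = (bus.vdev != NULL);    /* inspected before free() */
    free(vdev);
    return dangling;
}

int main(void)
{
    printf("old layout, guest-initiated unplug: %s\n",
           bus_dangles_after(false, true) ? "dangling" : "clean");
    printf("old layout, parent unplug:          %s\n",
           bus_dangles_after(false, false) ? "dangling" : "clean");
    printf("new layout, guest-initiated unplug: %s\n",
           bus_dangles_after(true, true) ? "dangling" : "clean");
    printf("new layout, parent unplug:          %s\n",
           bus_dangles_after(true, false) ? "dangling" : "clean");
    return 0;
}
```

The only structural change between the two layouts is where the call to the bus hook lives: once it is in the device's own exit callback, every teardown that goes through qdev reaches it, which is the property the series is after.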