On Mon, May 18, 2020 at 1:37 AM David Hildenbrand <da...@redhat.com> wrote: > > Checking against guest features is wrong. We allocated data structures > based on host features. We can rely on "free_page_bh" as an indicator > whether to un-do stuff instead. > > Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") > Cc: Wei Wang <wei.w.w...@intel.com> > Cc: Michael S. Tsirkin <m...@redhat.com> > Cc: Philippe Mathieu-Daudé <phi...@redhat.com> > Cc: Alexander Duyck <alexander.du...@gmail.com> > Signed-off-by: David Hildenbrand <da...@redhat.com> > --- > hw/virtio/virtio-balloon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c > index dc3b1067ab..a4fcf2d777 100644 > --- a/hw/virtio/virtio-balloon.c > +++ b/hw/virtio/virtio-balloon.c > @@ -818,7 +818,7 @@ static void virtio_balloon_device_unrealize(DeviceState > *dev) > VirtIODevice *vdev = VIRTIO_DEVICE(dev); > VirtIOBalloon *s = VIRTIO_BALLOON(dev); > > - if (virtio_balloon_free_page_support(s)) { > + if (s->free_page_bh) { > qemu_bh_delete(s->free_page_bh); > virtio_balloon_free_page_stop(s); > precopy_remove_notifier(&s->free_page_report_notify);
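Review bot: the commit message says the guest-feature check is "wrong" but never names the concrete consequence of the old `if (virtio_balloon_free_page_support(s))` guard in unrealize; spelling out that `free_page_bh` and the precopy notifier were allocated in realize from host features, so with a guest that did not negotiate VIRTIO_BALLOON_F_FREE_PAGE_HINT the old check skipped `qemu_bh_delete()` and `precopy_remove_notifier()` and left them dangling, would make the Fixes tag self-explanatory. It would also help to state whether unrealize is the only path that tears down state gated by the guest-feature helper, since the same mismatch between "allocated on host features" and "checked on guest features" would apply to any other caller of `virtio_balloon_free_page_support()` that touches allocated state.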
Would it make sense to apply the same change to virtio_balloon_device_reset and virtio_balloon_set_status? At least in the case of virtio_balloon_set_status it seems like you could possibly exploit it somehow as clearing the feature in the guest will prevent the toggling of the block_iothread value.

Reviewed-by: Alexander Duyck <alexander.h.du...@linux.intel.com>