On Tue, Jul 03, 2012 at 10:39:20PM -0600, Alex Williamson wrote:
> We've currently got a bug in pci_unregister_device in the ordering of
> calling the driver exit function and unregistering io regions. In
> every driver memory regions are created in the init function and
> destroyed in the exit function. By calling pci_unregister_io_regions
> after the exit function, we're calling memory_region_del_subregion
> with a pointer to a MemoryRegion that has already been destroyed.
>
> It's easy enough to change the ordering, but the exit function is
> currently allowed to fail. Even if we wanted to restore the device
> at that point, we've interrupted the mappings from the guest
> perspective and it seems precarious at best whether an exit function
> can fail and leave a usable device. Fortunately nobody has any
> possibility of actually failing the exit path. Normally I'm a
> proponent of error paths, but allowing an exit to fail is like
> allowing free(3) to fail.

Like, totally.

> So, first redefine that exit can't fail, then fix the ordering of
> pci_unregister_device(). If anyone has plans for a failure case in
> the exit path, please speak now. Thanks,
>
> Alex

Applied, thanks!

> ---
>
> Alex Williamson (2):
>       pci: Unregister BARs before device exit
>       pci: convert PCIUnregisterFunc to void
>
>
>  hw/ac97.c               |  3 +--
>  hw/e1000.c              |  3 +--
>  hw/eepro100.c           |  3 +--
>  hw/es1370.c             |  3 +--
>  hw/ide/cmd646.c         |  4 +---
>  hw/ide/ich.c            |  4 +---
>  hw/ide/piix.c           |  4 +---
>  hw/ide/via.c            |  4 +---
>  hw/intel-hda.c          |  3 +--
>  hw/ioh3420.c            |  8 +++-----
>  hw/ivshmem.c            |  4 +---
>  hw/lsi53c895a.c         |  4 +---
>  hw/ne2000.c             |  3 +--
>  hw/pci.c                | 11 +++++------
>  hw/pci.h                |  2 +-
>  hw/pci_bridge.c         |  3 +--
>  hw/pci_bridge.h         |  2 +-
>  hw/pci_bridge_dev.c     | 12 ++++--------
>  hw/pcnet-pci.c          |  3 +--
>  hw/rtl8139.c            |  3 +--
>  hw/usb/hcd-uhci.c       |  3 +--
>  hw/virtio-pci.c         | 23 +++++++++++------------
>  hw/wdt_i6300esb.c       |  4 +---
>  hw/xio3130_downstream.c |  8 +++-----
>  hw/xio3130_upstream.c   |  8 +++-----
>  25 files changed, 48 insertions(+), 84 deletions(-)
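
The teardown ordering described in the quoted cover letter, modelled as an added example (not part of the original messages and not QEMU code): the driver's exit callback destroys its regions, so unregistering the BARs afterwards touches regions that no longer exist. All `Toy*` and `toy_*` names are hypothetical stand-ins, and the model only counts the stale accesses instead of performing them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins with hypothetical names; these are not QEMU's types. */
#define TOY_NUM_BARS 6
typedef struct { bool alive; } ToyRegion;
typedef struct ToyDevice ToyDevice;

struct ToyDevice {
    ToyRegion storage[TOY_NUM_BARS];  /* regions owned by the driver */
    ToyRegion *bars[TOY_NUM_BARS];    /* NULL = BAR not registered */
    void (*exit)(ToyDevice *);        /* void: exit cannot fail */
    int stale_unmaps;                 /* unmaps of a destroyed region */
};

/* Driver exit: destroys every region the driver created in init. */
static void toy_driver_exit(ToyDevice *d)
{
    for (size_t i = 0; i < TOY_NUM_BARS; i++)
        d->storage[i].alive = false;
}

/* Models unregistering io regions: each registered BAR is unmapped. */
static void toy_unregister_io_regions(ToyDevice *d)
{
    for (size_t i = 0; i < TOY_NUM_BARS; i++) {
        ToyRegion *r = d->bars[i];
        if (r && !r->alive) d->stale_unmaps++;  /* real code: use after destroy */
        d->bars[i] = NULL;
    }
}

/* Tears down a device with two BARs; returns the count of stale unmaps. */
static int toy_unregister_device(bool bars_first)
{
    ToyDevice d = { .exit = toy_driver_exit };
    for (size_t i = 0; i < 2; i++) {
        d.storage[i].alive = true;
        d.bars[i] = &d.storage[i];
    }
    if (bars_first) { toy_unregister_io_regions(&d); d.exit(&d); }
    else            { d.exit(&d); toy_unregister_io_regions(&d); }
    return d.stale_unmaps;
}

int main(void)
{
    printf("exit first: %d stale, BARs first: %d stale\n",
           toy_unregister_device(false), toy_unregister_device(true));
    return 0;
}
```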