Block drivers may still want to access their child nodes in their .bdrv_close handler. If they unref and/or detach a child by themselves, this should not result in a double free.
There is additional code for backing files, which are just a special case of child nodes. The same applies for them. Signed-off-by: Kevin Wolf <kw...@redhat.com> Reviewed-by: Max Reitz <mre...@redhat.com> --- block.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/block.c b/block.c index b723cf2..d5c9f03 100644 --- a/block.c +++ b/block.c @@ -1901,6 +1901,14 @@ void bdrv_close(BlockDriverState *bs) if (bs->drv) { BdrvChild *child, *next; + bs->drv->bdrv_close(bs); + + if (bs->backing_hd) { + BlockDriverState *backing_hd = bs->backing_hd; + bdrv_set_backing_hd(bs, NULL); + bdrv_unref(backing_hd); + } + QLIST_FOREACH_SAFE(child, &bs->children, next, next) { /* TODO Remove bdrv_unref() from drivers' close function and use * bdrv_unref_child() here */ @@ -1910,12 +1918,6 @@ void bdrv_close(BlockDriverState *bs) bdrv_detach_child(child); } - if (bs->backing_hd) { - BlockDriverState *backing_hd = bs->backing_hd; - bdrv_set_backing_hd(bs, NULL); - bdrv_unref(backing_hd); - } - bs->drv->bdrv_close(bs); g_free(bs->opaque); bs->opaque = NULL; bs->drv = NULL; -- 1.8.3.1
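Review bot: In the first hunk, the `if (bs->backing_hd)` guard only covers a driver whose `.bdrv_close` handler cleared the pointer. A handler that unrefs the backing file itself but leaves `bs->backing_hd` set would still reach `bdrv_unref(backing_hd)` here and drop a second reference. The same question applies to the `QLIST_FOREACH_SAFE` loop that now runs after the handler: it calls `bdrv_detach_child(child)` for every entry still on `bs->children`, while the TODO in that loop says drivers' close functions still call `bdrv_unref()` themselves. Please add a comment above the moved `bs->drv->bdrv_close(bs);` stating the contract the new ordering relies on: the handler runs with children and backing file still attached, and a driver that releases one itself must also detach it or clear the pointer so the generic code skips it.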