Hi Paolo,

We have found a bug in all of xen-4.4 and xen-4.5-rcx. The bug
can be reproduced by the following steps:

Use the 'xl pci-attach $DomU $BDF' command to attach more than
one PCI device to the guest, then detach the devices with
'xl pci-detach $DomU $BDF'. After that, re-attach these PCI
devices again; an error message like the following will be reported:

libxl: error: libxl_qmp.c:287:qmp_handle_error_response: receive
an error message from QMP server: Duplicate ID 'pci-pt-03_10.1'
for device.

By debugging, I found that the numbers of calls to xen_pt_region_add and
xen_pt_region_del are not the same, and this may cause the
XenPCIPassthroughState and its related QemuOpts object not to be
released properly.

I don't know how this happened, but the following patch can fix this bug.

diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index be4220b..a418c53 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -607,7 +607,6 @@ static void xen_pt_region_add(MemoryListener *l, 
MemoryRegionSection *sec)
     XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
                                              memory_listener);
 
-    memory_region_ref(sec->mr);
     xen_pt_region_update(s, sec, true);
 }
 
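Review bot: dropping memory_region_ref(sec->mr) in xen_pt_region_add leaves nothing holding sec->mr between this callback and the matching xen_pt_region_del, while xen_pt_region_update(s, sec, true) still acts on it. The report says the add and del call counts differ, so removing the reference hides that imbalance instead of explaining it. Please identify which add has no matching del and state it in the commit message before changing the reference counting.
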
@@ -617,7 +616,6 @@ static void xen_pt_region_del(MemoryListener *l, 
MemoryRegionSection *sec)
                                              memory_listener);
 
     xen_pt_region_update(s, sec, false);
-    memory_region_unref(sec->mr);
 }
 
 static void xen_pt_io_region_add(MemoryListener *l, MemoryRegionSection *sec)
@@ -625,7 +623,6 @@ static void xen_pt_io_region_add(MemoryListener *l, 
MemoryRegionSection *sec)
     XenPCIPassthroughState *s = container_of(l, XenPCIPassthroughState,
                                              io_listener);
 
-    memory_region_ref(sec->mr);
     xen_pt_region_update(s, sec, true);
 }
 
@@ -635,7 +632,6 @@ static void xen_pt_io_region_del(MemoryListener *l, 
MemoryRegionSection *sec)
                                              io_listener);
 
     xen_pt_region_update(s, sec, false);
-    memory_region_unref(sec->mr);
 }
 
 static const MemoryListener xen_pt_memory_listener = {
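
Review bot: the ref/unref pair is also removed from xen_pt_io_region_add and xen_pt_io_region_del here, but the description only reports a count mismatch for xen_pt_region_add and xen_pt_region_del. If the I/O listener callbacks are balanced, leave them unchanged; if they are not, say in the commit message how that was measured.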


After reading other parts of the source code, I don't think the above patch is 
a good fix.
I have verified the following patch can work too:

diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index c1bf357..f2893b2 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -736,7 +736,7 @@ static int xen_pt_initfn(PCIDevice *d)
     }
 
 out:
-    memory_listener_register(&s->memory_listener, &address_space_memory);
+    memory_listener_register(&s->memory_listener, &s->dev.bus_master_as);
     memory_listener_register(&s->io_listener, &address_space_io);
     XEN_PT_LOG(d,
                "Real physical device %02x:%02x.%d registered successfully!\n",
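
Review bot: only s->memory_listener is moved to &s->dev.bus_master_as, while s->io_listener on the next line stays on the global address_space_io, so the two listeners now watch differently scoped address spaces with no comment saying why. Please add a comment above the changed memory_listener_register call explaining why the device's own address space is the right one for xen_pt_region_update, and confirm that the add callbacks still fire for every BAR mapping the listener is there to track.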

By debugging, I found that when using 'address_space_memory',
xen_pt_region_del won't be called when the memory region is not
'xen-pci-pt-*'; when using 's->dev.bus_master_as', there is no such issue.

I am not sure that using 's->dev.bus_master_as' instead of 'address_space_memory'
is right. Could you give some suggestions?

Liang
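
The reference-count reasoning in the report above, as an added example that is not part of the original message and is not QEMU code: a simplified C model in which a device's ID is freed only when its last reference is dropped, so one add callback without a matching del makes the re-attach fail with a duplicate ID. All names except the ID string from the error message are hypothetical.

```c
/* Simplified model, not QEMU code; all names are hypothetical. */
#include <stdio.h>
#include <string.h>
#define MAX_IDS 8
static char id_table[MAX_IDS][32];   /* stands in for the device ID list */
struct pt_dev { char id[32]; int refcount; };

static int id_find(const char *id)
{
    for (int i = 0; i < MAX_IDS; i++)
        if (strcmp(id_table[i], id) == 0) return i;
    return -1;
}
/* Returns 0 on success, -1 when the ID is still registered (duplicate). */
static int dev_attach(struct pt_dev *d, const char *id)
{
    int slot = id_find("");          /* first free slot */
    if (id_find(id) >= 0 || slot < 0) return -1;
    snprintf(id_table[slot], sizeof id_table[slot], "%s", id);
    snprintf(d->id, sizeof d->id, "%s", id);
    d->refcount = 1;                 /* reference held while attached */
    return 0;
}

static void dev_unref(struct pt_dev *d)
{
    int slot = id_find(d->id);
    if (--d->refcount == 0 && slot >= 0)
        id_table[slot][0] = '\0';    /* finalize: only now is the ID freed */
}
static void region_add(struct pt_dev *d) { d->refcount++; }
static void region_del(struct pt_dev *d) { dev_unref(d); }

/* Attach, run n_add add and n_del del callbacks, detach, re-attach same ID. */
static int reattach_result(int n_add, int n_del)
{
    struct pt_dev d;
    memset(id_table, 0, sizeof id_table);
    dev_attach(&d, "pci-pt-03_10.1");
    for (int i = 0; i < n_add; i++) region_add(&d);
    for (int i = 0; i < n_del; i++) region_del(&d);
    dev_unref(&d);                   /* detach drops the attach reference */
    return dev_attach(&d, "pci-pt-03_10.1");
}

int main(void)
{
    printf("balanced=%d leaked=%d\n", reattach_result(2, 2), reattach_result(2, 1));
    return 0;
}
```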