From 19912e502d78cb718e9be9ddbc3fcafe124a82b3 Mon Sep 17 00:00:00 2001
Message-Id: <19912e502d78cb718e9be9ddbc3fcafe124a82b3.1427300678.git.jen@redhat.com>
In-Reply-To: <cd1e5c640073fe9f6f79125f2cbb3f434f1c7897.1427300678.git.jen@redhat.com>
References: <cd1e5c640073fe9f6f79125f2cbb3f434f1c7897.1427300678.git.jen@redhat.com>
From: Amos Kong <akong@redhat.com>
Date: Tue, 24 Mar 2015 23:00:04 -0500
Subject: [CHANGE 33/33] virtio-rng: unreference rng backend in pci exit [only
 internal]
To: rhvirt-patches@redhat.com,
    jen@redhat.com

RH-Author: Amos Kong <akong@redhat.com>
Message-id: <1427238004-11205-4-git-send-email-akong@redhat.com>
Patchwork-id: 64581
O-Subject: [RHEL-6.7 qemu-kvm PATCH 3/3] virtio-rng: unreference rng backend in pci exit [only internal]
Bugzilla: 1119575
RH-Acked-by: Marcel Apfelbaum <marcel@redhat.com>
RH-Acked-by: Amit Shah <amit.shah@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>

Repeatedly hot-plug and hot-unplug virtio-rng devices, and read
random data in guest by a loop, try to cancel the reading process
if it's too slow. Coredump occurs after busy virtio-rng-pci is
deleted from Windows guest. It's easy to reproduce with Win8.1-32
guest.

qemu-kvm-rhel6 doesn't use QOM for pci bus as upstream, the reference
isn't decreased in pci exit stage, then backend finalize can't be
done, fd handler can't be cleaned, unexpected handler calling will
cause crash.

The reference increases before virtio_rng_init(), so clean it after
virtio_rng_exit(). The order is consistent with upstream.

Signed-off-by: Amos Kong <akong@redhat.com>
---
 hw/virtio-pci.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

Signed-off-by: Jeff E. Nelson <jen@redhat.com>
---
 hw/virtio-pci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index 2ebbaca..15b1d67 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -984,6 +984,7 @@ static int virtio_rng_exit_pci(PCIDevice *pci_dev)
 
     virtio_pci_stop_ioeventfd(proxy);
     virtio_rng_exit(proxy->vdev);
+    object_unref(OBJECT(proxy->rng.rng));
     virtio_exit_pci(pci_dev);
     return 0;
 }
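
Review bot: the added object_unref(OBJECT(proxy->rng.rng)) after virtio_rng_exit(proxy->vdev) is unconditional, and nothing at this site says which reference it balances. The commit message states that the reference is taken before virtio_rng_init(), but that code is outside this hunk, so a one-line comment here naming the matching ref would make the pairing checkable. It is also worth confirming that every path reaching virtio_rng_exit_pci() actually holds that reference (for example, that an init failure after the ref is taken drops it there and does not reach this function), since a second drop on the same backend would turn the leak fixed here into a use-after-free. Finally, proxy->rng.rng still points at the backend after the unref while virtio_exit_pci(pci_dev) runs; setting it to NULL right after the unref would make any later access fail visibly instead of touching a finalized object.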
-- 
2.1.0

