kvm_ioapic_eoi_inject_work() can be called after ioapic has been freed,
fix it by cancelling its delayed work via a slightly better freeing.
(Could have been a one-liner.)
Signed-off-by: Radim Krčmář <[email protected]>
---
I noticed it while reviewing the "KVM: x86: drop unneeded null test",
so it applies after.
arch/x86/kvm/ioapic.c | 6 ++++++
arch/x86/kvm/ioapic.h | 1 +
arch/x86/kvm/x86.c | 2 +-
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
index 09828e2cacfb..88de47ba4058 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -642,6 +642,12 @@ void kvm_ioapic_destroy(struct kvm *kvm)
kfree(ioapic);
}
+void kvm_free_ioapic(struct kvm *kvm)
+{
+ if (kvm->arch.vioapic)
+ kvm_ioapic_destroy(kvm);
+}
+
int kvm_get_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state)
{
struct kvm_ioapic *ioapic = ioapic_irqchip(kvm);
diff --git a/arch/x86/kvm/ioapic.h b/arch/x86/kvm/ioapic.h
index ca0b0b4e6256..7c5579c24fc8 100644
--- a/arch/x86/kvm/ioapic.h
+++ b/arch/x86/kvm/ioapic.h
@@ -122,5 +122,6 @@ int kvm_get_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state);
int kvm_set_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state);
void kvm_ioapic_scan_entry(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap,
u32 *tmr);
+void kvm_free_ioapic(struct kvm *kvm);
#endif
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c73efcd03e29..bb7f1b5881d5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7468,6 +7468,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
cancel_delayed_work_sync(&kvm->arch.kvmclock_update_work);
kvm_free_all_assigned_devices(kvm);
kvm_free_pit(kvm);
+ kvm_free_ioapic(kvm);
}
void kvm_arch_destroy_vm(struct kvm *kvm)
@@ -7491,7 +7492,6 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
}
kvm_iommu_unmap_guest(kvm);
kfree(kvm->arch.vpic);
- kfree(kvm->arch.vioapic);
kvm_free_vcpus(kvm);
kfree(rcu_dereference_check(kvm->arch.apic_map, 1));
}
--
2.3.6
On 28/04/2015 16:00, Radim Krčmář wrote:
> kvm_ioapic_eoi_inject_work() can be called after ioapic has been freed,
> fix it by cancelling its delayed work via a slightly better freeing.
> (Could have been a one-liner.)
>
> Signed-off-by: Radim Krčmář <[email protected]>
> ---
> I noticed it while reviewing the "KVM: x86: drop unneeded null test",
> so it applies after.
>
> arch/x86/kvm/ioapic.c | 6 ++++++
> arch/x86/kvm/ioapic.h | 1 +
> arch/x86/kvm/x86.c | 2 +-
> 3 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
> index 09828e2cacfb..88de47ba4058 100644
> --- a/arch/x86/kvm/ioapic.c
> +++ b/arch/x86/kvm/ioapic.c
> @@ -642,6 +642,12 @@ void kvm_ioapic_destroy(struct kvm *kvm)
> kfree(ioapic);
> }
>
> +void kvm_free_ioapic(struct kvm *kvm)
> +{
> + if (kvm->arch.vioapic)
> + kvm_ioapic_destroy(kvm);
> +}
> +
> int kvm_get_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state)
> {
> struct kvm_ioapic *ioapic = ioapic_irqchip(kvm);
> diff --git a/arch/x86/kvm/ioapic.h b/arch/x86/kvm/ioapic.h
> index ca0b0b4e6256..7c5579c24fc8 100644
> --- a/arch/x86/kvm/ioapic.h
> +++ b/arch/x86/kvm/ioapic.h
> @@ -122,5 +122,6 @@ int kvm_get_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state);
> int kvm_set_ioapic(struct kvm *kvm, struct kvm_ioapic_state *state);
> void kvm_ioapic_scan_entry(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap,
> u32 *tmr);
> +void kvm_free_ioapic(struct kvm *kvm);
>
> #endif
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index c73efcd03e29..bb7f1b5881d5 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -7468,6 +7468,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
> cancel_delayed_work_sync(&kvm->arch.kvmclock_update_work);
> kvm_free_all_assigned_devices(kvm);
> kvm_free_pit(kvm);
> + kvm_free_ioapic(kvm);
> }
>
> void kvm_arch_destroy_vm(struct kvm *kvm)
> @@ -7491,7 +7492,6 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
> }
> kvm_iommu_unmap_guest(kvm);
> kfree(kvm->arch.vpic);
> - kfree(kvm->arch.vioapic);
> kvm_free_vcpus(kvm);
> kfree(rcu_dereference_check(kvm->arch.apic_map, 1));
> }
>
You beat me. :)
Reviewed-by: Paolo Bonzini <[email protected]>
and will apply it too.
Paolo