- 07 Jan, 2015 24 commits
-
-
Max Reitz authored
If a driver supports image creation, it needs to set the .create_opts field. We can use that to make sure .create_opts for both drivers involved is not NULL in bdrv_img_create(), which is important so that the create_opts pointer in that function is not NULL after the qemu_opts_append() calls and when going into qemu_opts_create(). Cc: qemu-stable@nongnu.org Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Kevin Wolf <kwolf@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> (cherry picked from commit c6149724 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Reitz authored
The nfs protocol driver is capable of creating images, but did not specify any creation options. Fix it. A way to test this issue is the following: $ qemu-img create -f nfs nfs://127.0.0.1/foo.qcow2 64M Without this patch, it segfaults. With this patch, it does not. However, this is not something that should really work; qemu-img should check whether the parameter for the -f option (and -O for convert) is indeed a format, and error out if it is not. Therefore, I am not making it an iotest. Cc: qemu-stable@nongnu.org Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Kevin Wolf <kwolf@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> (cherry picked from commit fd752801 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Reitz authored
Although virtually impossible right now, bdrv_find_format("qcow") may fail. The vvfat block driver should heed that case. Cc: qemu-stable@nongnu.org Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Kevin Wolf <kwolf@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> (cherry picked from commit 1bcb15cf ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Reitz authored
We can always assume raw, file and qcow2 being available; so do not use bdrv_find_format() to locate their BlockDriver objects but statically reference the respective objects. Cc: qemu-stable@nongnu.org Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> (cherry picked from commit ef810437 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Reitz authored
There are some block drivers which are essential to QEMU and may not be removed: These are raw, file and qcow2 (as the default non-raw format). Make their BlockDriver objects public so they can be directly referenced throughout the block layer without needing to call bdrv_find_format() and having to deal with an error at runtime, while the real problem occurred during linking (where raw, file or qcow2 were not linked into qemu). Cc: qemu-stable@nongnu.org Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> (cherry picked from commit 5f535a94 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jason Wang authored
virtio_net_handle_ctrl() and other functions that process control vq request call iov_discard_front() which will shorten the iov. This will lead unmapping in virtqueue_push() leaks mapping. Fixes this by keeping the original iov untouched and using a temp variable in those functions. Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Jason Wang <jasowang@redhat.com> Reviewed-by:
Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by:
Fam Zheng <famz@redhat.com> Reviewed-by:
Michael S. Tsirkin <mst@redhat.com> Message-id: 1417082643-23907-1-git-send-email-jasowang@redhat.com Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 771b6ed3 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Don Slutz authored
The other callers to blk_set_enable_write_cache() in this file already check for s->blk == NULL. Signed-off-by:
Don Slutz <dslutz@verizon.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1416259239-13281-1-git-send-email-dslutz@verizon.com Cc: qemu-stable@nongnu.org Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 6b896ab2) Conflicts: hw/ide/core.c *removed dependency on 4be74634 Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Maydell authored
The code in invalidate_and_set_dirty() needs to handle addr/length combinations which cross guest physical page boundaries. This can happen, for example, when disk I/O reads large blocks into guest RAM which previously held code that we have cached translations for. Unfortunately we were only checking the clean/dirty status of the first page in the range, and then were calling a tb_invalidate function which only handles ranges that don't cross page boundaries. Fix the function to deal with multipage ranges. The symptoms of this bug were that guest code would misbehave (eg segfault), in particular after a guest reboot but potentially any time the guest reused a page of its physical RAM for new code. Cc: qemu-stable@nongnu.org Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416167061-13203-1-git-send-email-peter.maydell@linaro.org (cherry picked from commit f874bf90 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
zhanghailiang authored
freeaddrinfo(result) does not assign result = NULL, after frees it. There will be a double free when it goes error case. It is reported by covertiy. Reviewed-by:
Gonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 77374582 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
zhanghailiang authored
In function connect_to_qemu(), getaddrinfo() will allocate memory that is stored into server, it should be freed by using freeaddrinfo() before connect_to_qemu() return. Cc: qemu-stable@nongnu.org Reviewed-by:
Markus Armbruster <armbru@redhat.com> Signed-off-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 5bbebf62 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
Old BIOSes left some padding by mistake after the req_size/resp_size. New QEMU does not like it, thinking it is a bidirectional command. As a workaround, we can check if the ANY_LAYOUT bit is set; if not, we always consider the first buffer as the virtio-scsi request/response, because, back when QEMU did not support ANY_LAYOUT, it expected the payload to start at the second element of the iovec. This can show up during migration. Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 55783a55 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Alexander Graf authored
Memory slots have to be page aligned to get entered into KVM. There is existing logic that tries to ensure that we pad memory slots that are not page aligned to the biggest region that would still fit in the alignment requirements. Unfortunately, that logic is broken. It tries to calculate the start offset based on the region size. Fix up the logic to do the thing it was intended to do and document it properly in the comment above it. With this patch applied, I can successfully run an e500 guest with more than 3GB RAM (at which point RAM starts overlapping subpage memory regions). Cc: qemu-stable@nongnu.org Signed-off-by:
Alexander Graf <agraf@suse.de> (cherry picked from commit f2a64032 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Filippov authored
Entry opcode needs to check if moving to new register frame would cause register window overflow. Entry used in function prologue never overflows because preceding windowed call* opcode writes return address to the target register window frame, causing overflow exceptions at the point of call. But when a sequence of entry opcodes is used for register window spilling there may not be a call or other opcode that would cause window check between entries and they would not raise overflow exception themselves resulting in data corruption. Cc: qemu-stable@nongnu.org Signed-off-by:
Max Filippov <jcmvbkbc@gmail.com> (cherry picked from commit 1b3e71f8 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Hannes Reinecke authored
A linux guest will be issuing messages: [ 32.124042] DC390: Deadlock in DataIn_0: DMA aborted unfinished: 000000 bytes remain!! [ 32.126348] DC390: DataIn_0: DMA State: 0 and the HBA will fail to work properly. Reason is the emulation is not setting the 'DMA transfer done' status correctly. Signed-off-by:
Hannes Reinecke <hare@suse.de> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit c3543fb5 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Maydell authored
The g_hash_table_iter_* functions for iterating through a hash table are not present in glib 2.12, which is our current minimum requirement. Rewrite the code to use g_hash_table_foreach() instead. Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> Signed-off-by:
Alexander Graf <agraf@suse.de> (cherry picked from commit f8833a37 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Zhang Haoyu authored
If there are still pending i/o while deleting snapshot, because deleting snapshot is done in non-coroutine context, and the pending i/o read/write (bdrv_co_do_rw) is done in coroutine context, so it's possible to cause concurrency problem between above two operations. Add bdrv_drain_all() to bdrv_snapshot_delete() to avoid this problem. Signed-off-by:
Zhang Haoyu <zhanghy@sangfor.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 201410211637596311287@sangfor.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> (cherry picked from commit 3432a192 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Filippov authored
U-boot for xtensa always treats uImage load address as virtual address. This is important when booting uImage on xtensa core with MMUv2, because MMUv2 has fixed non-identity virtual-to-physical mapping after reset. Always do virtual-to-physical translation of uImage load address and load uImage at the translated address. This fixes booting uImage kernels on dc232b and other MMUv2 cores. Cc: qemu-stable@nongnu.org Reported-by:
Waldemar Brodkorb <mail@waldemar-brodkorb.de> Signed-off-by:
Max Filippov <jcmvbkbc@gmail.com> (cherry picked from commit 6d2e4530 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Filippov authored
Such address translation is needed when load address recorded in uImage is a virtual address. When the actual load address is requested, return untranslated address: user that needs the translated address can always apply translation function to it and those that need it untranslated don't need to do the inverse translation. Add translation function pointer and its parameter to uimage_load prototype. Update all existing users. No user-visible functional changes. Cc: qemu-stable@nongnu.org Signed-off-by:
Max Filippov <jcmvbkbc@gmail.com> Reviewed-by:
Alexander Graf <agraf@suse.de> (cherry picked from commit 25bda50a ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
Commit 9d8bf2d1 moved the softmmu slow path out of line and introduce a regression at the same time by always calling tcg_out_tlb_load with is_load=1. This makes impossible to run any significant code under qemu-system-mips*. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by:
Richard Henderson <rth@twiddle.net> Signed-off-by:
Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 0a2923f8 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Ting Wang authored
If req->resp.cmd.status is not GOOD, the address of sense for qemu_iovec_from_buf should be modified from &req->resp to sense. Cc: qemu-stable@nongnu.org Signed-off-by:
Ting Wang <kathy.wangting@huawei.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit b7890c40 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Petr Matousek authored
bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by:
Petr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> (cherry picked from commit e6908bfe ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jan Kiszka authored
qemu_shutdown_requested may be interrupted by qemu_system_killed. If the latter sets shutdown_requested after qemu_shutdown_requested has read it but before it was cleared, the shutdown event is lost. Fix this by using atomic_xchg. This provides a different fix for the problem which commit 15124e14 attempts to deal with. That commit breaks use of ^C to drop into gdb, and so this approach is better (and 15124e14 can be reverted). Signed-off-by:
Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> [PMM: commit message tweak] Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 817ef04d ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Ray Strode authored
commit 57f97834 cleaned up the cac_applet_pki_process_apdu function to have a single exit point. Unfortunately, that commit introduced a bug where the sign buffer can get free'd and nullified while it's still being used. This commit corrects the bug by introducing a boolean to track whether or not the sign buffer should be freed in the function exit path. Signed-off-by:
Ray Strode <rstrode@redhat.com> Reviewed-by:
Alon Levy <alon@pobox.com> Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> (cherry picked from commit 81b49e8f ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Reitz authored
While writing an L1 table sector, qcow2_write_l1_entry() copies the respective range from s->l1_table to the local "buf" array. The size of s->l1_table does not have to be a multiple of L1_ENTRIES_PER_SECTOR; thus, limit the index which is used for copying all entries to the L1 size. Cc: qemu-stable@nongnu.org Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Peter Lieven <pl@kamp.de> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> (cherry picked from commit a1391444 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
- 06 Jan, 2015 16 commits
-
-
Gerd Hoffmann authored
Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> Reviewed-by:
Don Koch <dkoch@verizon.com> (cherry picked from commit bd9ccd85 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gerd Hoffmann authored
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> Reviewed-by:
Don Koch <dkoch@verizon.com> (cherry picked from commit 61b41b4c ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gerd Hoffmann authored
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change in behavior: We don't try to automatically fixup rectangles any more. In case we find invalid update requests we'll do a full-screen update instead. Cc: qemu-stable@nongnu.org Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> Reviewed-by:
Don Koch <dkoch@verizon.com> (cherry picked from commit 1735fe1e ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gerd Hoffmann authored
Add verification function for rectangles, returning true if verification passes and false otherwise. Cc: qemu-stable@nongnu.org Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> Reviewed-by:
Don Koch <dkoch@verizon.com> (cherry picked from commit 07258900 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gerd Hoffmann authored
Quick & easy stopgap for CVE-2014-3689: We just compile out the hardware acceleration functions which lack sanity checks. Thankfully we have capability bits for them (SVGA_CAP_RECT_COPY and SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory. Subsequent patches will add the missing checks and re-enable the hardware acceleration emulation. Cc: qemu-stable@nongnu.org Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> Reviewed-by:
Don Koch <dkoch@verizon.com> (cherry picked from commit 83afa38e ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jan Kiszka authored
We used to be able to address both the QEMU and the KVM APIC via "apic". This doesn't work anymore. So we need to use their parent class to turn off the vapic on machines that should not expose them. Signed-off-by:
Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> (cherry picked from commit df1fd4b5 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon unplug the virtio-9p child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 8f3d60e5 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
virtio-9p-pci all duplicate the qdev properties of their V9fsState child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the V9fsState child. This way no duplication is necessary. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 48833071 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-balloon child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 91ba2120 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-rng child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 352fa88d ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
virtio-rng-{pci, s390, ccw} all duplicate the qdev properties of their VirtIORNG child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIORNG child. This way no duplication is necessary. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 8ee486ae ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-serial child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit e77ca8b9 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
virtio-serial-{pci, s390, ccw} all duplicate the qdev properties of their VirtIOSerial child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIOSerial child. This way no duplication is necessary. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 4f456d80 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-scsi/vhost-scsi child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 1312f12b ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
{virtio, vhost}-scsi-{pci, s390, ccw} all duplicate the qdev properties of their VirtIOSCSI/VHostSCSI child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIOSCSI/VHostSCSI child. This way no duplication is necessary. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit c39343fd ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gonglei authored
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-net child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 6a0c6b59 ) Signed-off-by:
Michael Roth <mdroth@linux.vnet.ibm.com>
-