| Message ID | 20210323120439.563855-2-anthony.perard@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [PULL,1/1] xen-block: Fix removal of backend instance via xenstore | expand |
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c index ac82d5406337..83754a434481 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -972,6 +972,15 @@ static void xen_block_device_destroy(XenBackendInstance *backend, object_unparent(OBJECT(xendev)); + /* + * Drain all pending RCU callbacks as object_unparent() frees `xendev' + * in a RCU callback. + * And due to the property "drive" still existing in `xendev', we + * can't destroy the XenBlockDrive associated with `xendev' with + * xen_block_drive_destroy() below. + */ + drain_call_rcu(); + if (iothread) { xen_block_iothread_destroy(iothread, errp); if (*errp) {
Whenever a Xen block device is detach via xenstore, the image associated with it remained open by the backend QEMU and an error is logged: qemu-system-i386: failed to destroy drive: Node xvdz-qcow2 is in use This happened since object_unparent() doesn't immediately frees the object and thus keep a reference to the node we are trying to free. The reference is hold by the "drive" property and the call xen_block_drive_destroy() fails. In order to fix that, we call drain_call_rcu() to run the callback setup by bus_remove_child() via object_unparent(). Fixes: 2d24a6466154 ("device-core: use RCU for list of children of a bus") Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Paul Durrant <paul@xen.org> Message-Id: <20210308143232.83388-1-anthony.perard@citrix.com> --- hw/block/xen-block.c | 9 +++++++++ 1 file changed, 9 insertions(+)