[PATCH v12 3/3] vfio-user: Fix memory region reference accounting

Mattias Nissler posted 3 patches 2 months, 2 weeks ago
[PATCH v12 3/3] vfio-user: Fix memory region reference accounting
Posted by Mattias Nissler 2 months, 2 weeks ago
The memory regions created for DMA regions where leaking the original
reference the object is initialized with. This happened since we insert
the memory region as a subregion, but don't keep the reference obtained
when creating the object. Thus, drop the reference after inserting the
DMA memory region into the address space.

This fixes auto-shutdown behavior: Due to the leaked references, the
memory regions would never be released, and indirectly keep the VFU
object as their owner alive. Thus, vfu_object_finalize didn't get
invoked, and qemu wouldn't terminate. With this fix, this is now working
as originally intended.

Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
---
 hw/remote/vfio-user-obj.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 0e93d7a7b4..d347a96e39 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -394,6 +394,14 @@ static void dma_register(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
 
     memory_region_add_subregion(dma_as->root, (hwaddr)iov->iov_base, subregion);
 
+    /*
+     * Insertion into the address space grabbed a reference to keep the memory
+     * region alive. However, the memory region object was created with an
+     * original reference count of 1, so we must unref since we don't keep that
+     * reference.
+     */
+    memory_region_unref(subregion);
+
     trace_vfu_dma_register((uint64_t)iov->iov_base, iov->iov_len);
 }
 
-- 
2.34.1