The following callstack causes hv_vcpu_destroy() to be called twice,
producing HV_BAD_ARGUMENT on the already-destroyed handler:
    hvf_vcpu_destroy
      |
      |_ hv_vcpu_destroy
      |
      |_ hvf_arch_vcpu_destroy
           |
           |_ hv_vcpu_destroy
The first hv_vcpu_destroy call covers both x86 and arm. Let's remove the
second one, as it is redundant.
Signed-off-by: Matheus Tavares Bernardino <matheus.bernardino@oss.qualcomm.com>
---
v1: https://lore.kernel.org/qemu-devel/70cca2a5cdde3e6531e5c8f1e399e0b584d51ad6.1776096073.git.matheus.bernardino@oss.qualcomm.com/
Changed in v2: removed second call instead of first one to avoid
breaking x86 (thanks Philippe!)
target/arm/hvf/hvf.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 5fc8f6bbbd..2ee653f08e 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -1212,10 +1212,6 @@ void hvf_arm_set_cpu_features_from_host(ARMCPU *cpu)
void hvf_arch_vcpu_destroy(CPUState *cpu)
{
- hv_return_t ret;
-
- ret = hv_vcpu_destroy(cpu->accel->fd);
- assert_hvf_ok(ret);
}
hv_return_t hvf_arch_vm_create(MachineState *ms, uint32_t pa_range)
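Review bot: hvf_arch_vcpu_destroy() is left with an empty body by the four removed lines, and nothing in the function says why. A one-line comment in the body stating that the vCPU is already destroyed by the generic hvf_vcpu_destroy() caller, as the commit message describes, would keep a later change from reintroducing the hv_vcpu_destroy(cpu->accel->fd) call and with it the double destroy. The generic call site is not part of this diff, so it is also worth confirming that its return value is checked the way the removed assert_hvf_ok(ret) did, so that a failed destroy on arm does not go unnoticed.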
--
2.37.2
On 4/14/2026 6:11 AM, Matheus Tavares Bernardino wrote:
> The following callstack causes hv_vcpu_destroy() to be called twice,
> producing HV_BAD_ARGUMENT on the already-destroyed handler:
>
>     hvf_vcpu_destroy
>       |
>       |_ hv_vcpu_destroy
>       |
>       |_ hvf_arch_vcpu_destroy
>            |
>            |_ hv_vcpu_destroy
>
> The first hv_vcpu_destroy call covers both x86 and arm. Let's remove the
> second one, as it is redundant.
>
> Signed-off-by: Matheus Tavares Bernardino <matheus.bernardino@oss.qualcomm.com>
> ---
> v1: https://lore.kernel.org/qemu-devel/70cca2a5cdde3e6531e5c8f1e399e0b584d51ad6.1776096073.git.matheus.bernardino@oss.qualcomm.com/
>
> Changed in v2: removed second call instead of first one to avoid
> breaking x86 (thanks Philippe!)
>
> target/arm/hvf/hvf.c | 4 ----
> 1 file changed, 4 deletions(-)
>

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
On 14/4/26 15:11, Matheus Tavares Bernardino wrote:
> The following callstack causes hv_vcpu_destroy() to be called twice,
> producing HV_BAD_ARGUMENT on the already-destroyed handler:
>
>     hvf_vcpu_destroy
>       |
>       |_ hv_vcpu_destroy
>       |
>       |_ hvf_arch_vcpu_destroy
>            |
>            |_ hv_vcpu_destroy
>
> The first hv_vcpu_destroy call covers both x86 and arm. Let's remove the
> second one, as it is redundant.
>
> Signed-off-by: Matheus Tavares Bernardino <matheus.bernardino@oss.qualcomm.com>
> ---
> v1: https://lore.kernel.org/qemu-devel/70cca2a5cdde3e6531e5c8f1e399e0b584d51ad6.1776096073.git.matheus.bernardino@oss.qualcomm.com/
>
> Changed in v2: removed second call instead of first one to avoid
> breaking x86 (thanks Philippe!)
>
> target/arm/hvf/hvf.c | 4 ----
> 1 file changed, 4 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On 14/4/26 15:23, Philippe Mathieu-Daudé wrote:
> On 14/4/26 15:11, Matheus Tavares Bernardino wrote:
>> The following callstack causes hv_vcpu_destroy() to be called twice,
>> producing HV_BAD_ARGUMENT on the already-destroyed handler:
>>
>>     hvf_vcpu_destroy
>>       |
>>       |_ hv_vcpu_destroy
>>       |
>>       |_ hvf_arch_vcpu_destroy
>>            |
>>            |_ hv_vcpu_destroy
>>
>> The first hv_vcpu_destroy call covers both x86 and arm. Let's remove the
>> second one, as it is redundant.
>>
>> Signed-off-by: Matheus Tavares Bernardino
>> <matheus.bernardino@oss.qualcomm.com>
>> ---
>> v1: https://lore.kernel.org/qemu-
>> devel/70cca2a5cdde3e6531e5c8f1e399e0b584d51ad6.1776096073.git.matheus.bernardino@oss.qualcomm.com/
>>
>> Changed in v2: removed second call instead of first one to avoid
>> breaking x86 (thanks Philippe!)
>>
>> target/arm/hvf/hvf.c | 4 ----
>> 1 file changed, 4 deletions(-)
>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>