@@ -17,6 +17,29 @@
static QTAILQ_HEAD(drivelist, DriveInfo) drives = QTAILQ_HEAD_INITIALIZER(drives);
+/*
+ * We automatically delete the drive when a device using it gets
+ * unplugged. Questionable feature, but we can't just drop it.
+ * Device models call blockdev_mark_auto_del() to schedule the
+ * automatic deletion, and generic qdev code calls blockdev_auto_del()
+ * when deletion is actually safe.
+ */
+void blockdev_mark_auto_del(BlockDriverState *bs)
+{
+ DriveInfo *dinfo = drive_of_blockdev(bs);
+
+ dinfo->auto_del = 1;
+}
+
+void blockdev_auto_del(BlockDriverState *bs)
+{
+ DriveInfo *dinfo = drive_of_blockdev(bs);
+
+ if (dinfo->auto_del) {
+ drive_uninit(dinfo);
+ }
+}
+
QemuOpts *drive_add(const char *file, const char *fmt, ...)
{
va_list ap;
@@ -13,6 +13,9 @@
#include "block.h"
#include "qemu-queue.h"
+void blockdev_mark_auto_del(BlockDriverState *bs);
+void blockdev_auto_del(BlockDriverState *bs);
+
typedef enum {
IF_NONE,
IF_IDE, IF_SCSI, IF_FLOPPY, IF_PFLASH, IF_MTD, IF_SD, IF_VIRTIO, IF_XEN,
@@ -28,6 +31,7 @@ typedef struct DriveInfo {
BlockInterfaceType type;
int bus;
int unit;
+ int auto_del; /* see blockdev_mark_auto_del() */
QemuOpts *opts;
char serial[BLOCK_SERIAL_STRLEN + 1];
QTAILQ_ENTRY(DriveInfo) next;
@@ -293,6 +293,15 @@ static int parse_drive(DeviceState *dev, Property *prop, const char *str)
return 0;
}
+static void free_drive(DeviceState *dev, Property *prop)
+{
+ DriveInfo **ptr = qdev_get_prop_ptr(dev, prop);
+
+ if (*ptr) {
+ blockdev_auto_del((*ptr)->bdrv);
+ }
+}
+
static int print_drive(DeviceState *dev, Property *prop, char *dest, size_t len)
{
DriveInfo **ptr = qdev_get_prop_ptr(dev, prop);
@@ -305,6 +314,7 @@ PropertyInfo qdev_prop_drive = {
.size = sizeof(DriveInfo*),
.parse = parse_drive,
.print = print_drive,
+ .free = free_drive,
};
/* --- character device --- */
@@ -1043,7 +1043,7 @@ static void scsi_destroy(SCSIDevice *dev)
SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
scsi_disk_purge_requests(s);
- drive_uninit(s->qdev.conf.dinfo);
+ blockdev_mark_auto_del(s->qdev.conf.dinfo->bdrv);
}
static int scsi_disk_initfn(SCSIDevice *dev)
@@ -453,7 +453,7 @@ static void scsi_destroy(SCSIDevice *d)
r = DO_UPCAST(SCSIGenericReq, req, QTAILQ_FIRST(&s->qdev.requests));
scsi_remove_request(r);
}
- drive_uninit(s->qdev.conf.dinfo);
+ blockdev_mark_auto_del(s->qdev.conf.dinfo->bdrv);
}
static int scsi_generic_initfn(SCSIDevice *dev)
@@ -522,24 +522,36 @@ static void usb_msd_password_cb(void *opaque, int err)
static int usb_msd_initfn(USBDevice *dev)
{
MSDState *s = DO_UPCAST(MSDState, dev, dev);
+ DriveInfo *dinfo = s->conf.dinfo;
- if (!s->conf.dinfo || !s->conf.dinfo->bdrv) {
+ if (!dinfo || !dinfo->bdrv) {
error_report("usb-msd: drive property not set");
return -1;
}
+ /*
+ * Hack alert: this pretends to be a block device, but it's really
+ * a SCSI bus that can serve only a single device, which it
+ * creates automatically. Two drive properties pointing to the
+ * same drive is not good: free_drive() dies for the second one.
+ * Zap the one we're not going to use.
+ *
+ * The hack is probably a bad idea.
+ */
+ s->conf.dinfo = NULL;
+
s->dev.speed = USB_SPEED_FULL;
scsi_bus_new(&s->bus, &s->dev.qdev, 0, 1, usb_msd_command_complete);
- s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, s->conf.dinfo, 0);
+ s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, dinfo, 0);
if (!s->scsi_dev) {
return -1;
}
s->bus.qbus.allow_hotplug = 0;
usb_msd_handle_reset(dev);
- if (bdrv_key_required(s->conf.dinfo->bdrv)) {
+ if (bdrv_key_required(dinfo->bdrv)) {
if (cur_mon) {
- monitor_read_bdrv_key_start(cur_mon, s->conf.dinfo->bdrv,
+ monitor_read_bdrv_key_start(cur_mon, dinfo->bdrv,
usb_msd_password_cb, s);
s->dev.auto_attach = 0;
} else {
@@ -571,7 +571,7 @@ static int virtio_blk_exit_pci(PCIDevice *pci_dev)
{
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
- drive_uninit(proxy->block.dinfo);
+ blockdev_mark_auto_del(proxy->block.dinfo->bdrv);
return virtio_exit_pci(pci_dev);
}
We automatically delete blockdev host parts on unplug of the guest device. Too much magic, but we can't change that now. The delete happens early in the guest device teardown, before the connection to the host part is severed. Thus, the guest part's pointer to the host part dangles for a brief time. No actual harm comes from this, but we'll catch such dangling pointers a few commits down the road. Clean up the dangling pointers by delaying the automatic deletion until the guest part's pointer is gone. Device usb-storage deliberately makes two qdev properties refer to the same drive, because it automatically creates a second device. Again, too much magic we can't change now. Multiple references worked okay before, but now free_drive() dies for the second one. Zap the extra reference. Signed-off-by: Markus Armbruster <armbru@redhat.com> --- blockdev.c | 23 +++++++++++++++++++++++ blockdev.h | 4 ++++ hw/qdev-properties.c | 10 ++++++++++ hw/scsi-disk.c | 2 +- hw/scsi-generic.c | 2 +- hw/usb-msd.c | 20 ++++++++++++++++---- hw/virtio-pci.c | 2 +- 7 files changed, 56 insertions(+), 7 deletions(-)