qemu_vfio_undo_mapping() will decrement the number of mappings and
reshuffle the array elements to fit into the reduced size.
Iterating over all elements like this does not work as expected, let's make
sure to remove all mappings properly.
Reviewed-by: Peter Xu <address@hidden>
Cc: Richard Henderson <address@hidden>
Cc: Paolo Bonzini <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Cc: Alex Williamson <address@hidden>
Cc: Stefan Hajnoczi <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
---
util/vfio-helpers.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
index 9ec01bfe26..f31aa77ffe 100644
--- a/util/vfio-helpers.c
+++ b/util/vfio-helpers.c
@@ -695,13 +695,11 @@ static void qemu_vfio_reset(QEMUVFIOState *s)
/* Close and free the VFIO resources. */
void qemu_vfio_close(QEMUVFIOState *s)
{
- int i;
-
if (!s) {
return;
}
- for (i = 0; i < s->nr_mappings; ++i) {
- qemu_vfio_undo_mapping(s, &s->mappings[i], NULL);
+ while (s->nr_mappings) {
+ qemu_vfio_undo_mapping(s, &s->mappings[s->nr_mappings - 1], NULL);
}
ram_block_notifier_remove(&s->ram_notifier);
qemu_vfio_reset(s);