vhost: release memory_listener object in error path

vhost_dev_start function does not release memory_listener object
in case of an error. This may crash the guest when vhost is unable
to set memory table:

  stack trace of thread 125653:
  Program terminated with signal SIGSEGV, Segmentation fault
  #0  memory_listener_register (qemu-kvm + 0x6cda0f)
  #1  vhost_dev_start (qemu-kvm + 0x699301)
  qemu#2  vhost_net_start (qemu-kvm + 0x45b03f)
  qemu#3  virtio_net_set_status (qemu-kvm + 0x665672)
  qemu#4  qmp_set_link (qemu-kvm + 0x548fd5)
  qemu#5  net_vhost_user_event (qemu-kvm + 0x552c45)
  qemu#6  tcp_chr_connect (qemu-kvm + 0x88d473)
  qemu#7  tcp_chr_new_client (qemu-kvm + 0x88cf83)
  qemu#8  tcp_chr_accept (qemu-kvm + 0x88b429)
  qemu#9  qio_net_listener_channel_func (qemu-kvm + 0x7ac07c)
  qemu#10 g_main_context_dispatch (libglib-2.0.so.0 + 0x54e2f)

Release memory_listener objects in the error path.

Signed-off-by: Prasad Pandit <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Reviewed-by: Peter Xu <[email protected]>
Fixes: c471ad0 ("vhost_net: device IOTLB support")
Cc: [email protected]
Acked-by: Jason Wang <[email protected]>

Author: Prasad Pandit

hw/virtio/vhost.c

@@ -2003,6 +2003,9 @@ int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev, bool vrings)
     }
 
 fail_mem:
+    if (vhost_dev_has_iommu(hdev)) {
+        memory_listener_unregister(&hdev->iommu_listener);
+    }
 fail_features:
     vdev->vhost_started = false;
     hdev->started = false;