[PATCH] net: Fix qemu crash when hot-pluging a vhost-net failed.

[Yangming via <qemu-devel@nongnu.org>]

[-- Attachment #1.1: Type: text/plain, Size: 733 bytes --]

Dear all:

I found a bug of qemu: hot-pluging a vhost-net may cause virtual machine crash in following steps:
1. Starting a vm without any net device.
2. Hot-pluging 70 memory devices.
3. Hot-pluging a vhost-net device.

After the 3rd step, the qemu crashed with following messages:

vhost backend memory slots limit is less than current number of present memory slots
warning: vhost-net requested but could not be initialized
qemu-system-x86_64: ../net/net.c:1106: net_client_init1: Assertion `nc' failed.
2022-12-05 03:14:08.794+0000: shutting down, reason=crashed

This commit is used to fix the mentioned problem. It is based on commit a33c25399f9bc3dcf83064adeba2a82e61bf4608 of master branch.

Kind regards.


[-- Attachment #1.2: Type: text/html, Size: 3599 bytes --]

[-- Attachment #2: 0001-net-net.c-do-not-assert-nc-as-hotplug-vhost-net-may-.patch --]
[-- Type: application/octet-stream, Size: 2112 bytes --]

From b2bca483212f04b9b021753aec1fcaeaf41385d1 Mon Sep 17 00:00:00 2001
From: Ming Yang <yangming73@huawei.com>
Date: Fri, 25 Nov 2022 10:45:52 +0800
Subject: [PATCH] net/net.c: Fix qemu crash when hot-pluging a vhost-net failed. 

Hot-pluging a vhost-net may cause virtual machine crash in following steps:
1. Starting a vm without net devices.
2. Hot-pluging 70 memory devices.
3. Hot-pluging a vhost-net device.

The reason is : if hotplug a vhost-net failed, the nc cannot be found via function qemu_find_netdev, as
it has been cleaned up through function qemu_cleanup_net_client. Which leads to the result
that assert(nc) failed, then qemu crashed.

While, the root reason is that, in commit 46d4d36d0bf2 if not both has_vhostforce and vhostforce flags
are true, the errp would not be set. Then net_init_tap would not return a negative value, fallowed by founding nc
and assert nc.

In this patch, asserting nc is replaced with setting an error message.

Fixes: 46d4d36d0bf2("tap: setting error appropriately when calling net_init_tap_one()")
Signed-off-by: Ming Yang <yangming73@huawei.com>
Signed-off-by: Liang Zhang <zhangliang5@huawei.com>
---
 net/net.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/net/net.c b/net/net.c
index 840ad9dca5..1d1d7e54c4 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1103,7 +1103,16 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
 
     if (is_netdev) {
         nc = qemu_find_netdev(netdev->id);
-        assert(nc);
+        /*
+         * If the tap of hotpluged net device do not has both has_vhostforce flag and vhostforce flags,
+         * when error occurs, the error messags will be report but not set to errp. Thus net_client_init_fun
+         * will not return a negatave value. Therefore the value of nc might be NULL. To make qemu robust,
+         * it is better to judge if nc is NULL.
+         */
+        if (!nc) {
+            error_setg(errp, "Device '%s' could not be initialized", netdev->id);
+            return -1;
+        }
         nc->is_netdev = true;
     }
 
-- 
2.33.0