From: "Michael S. Tsirkin" <mst@redhat.com>
To: 雷翔 <leixiang@kylinos.cn>
Cc: qemu-devel <qemu-devel@nongnu.org>, 谢明 <xieming@kylinos.cn>,
	曾驰 <zengchi@kylinos.cn>
Subject: Re: Reply: Re: [RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Date: Thu, 1 Dec 2022 02:03:08 -0500
Message-ID: <20221201020219-mutt-send-email-mst@kernel.org>
In-Reply-To: <qhe0uqhslh-qhgkqdbw92@nsmail7.0.0--kylin--1>

On Thu, Dec 01, 2022 at 09:40:42AM +0800, 雷翔 wrote:
> As we found, it will cause the guest OS to crash when rebooting the guest OS, because in the
> 'virtio_pci_set_guest_notifiers' function, if it failed to set the guest notifier,
> the error handler did not release the 'proxy->vector_irqfd' which was already
> allocated. When rebooting the guest OS, on entering the 'virtio_pci_set_guest_notifiers' function
> again, it will jump into the 'msix_unset_vector_notifiers' function; this function
> will check the device notifier hooks, and because the hooks were null, it will cause an assert
> error, and then the guest OS crashes.
> 
> We put the error message in our test below:
> 
> 2022-07-29 07:49:46.591+0000: Domain id=30 is tainted: host-cpu char device
> redirected to /dev/pts/4 (label charserial0)
> 2022-07-29T07:49:48.319622Z qemu-4.1: nvqs:1,pci_dev name:virtio-blk-pci
> 2022-07-29T07:49:57.974985Z qemu-4.1: nvqs:1,pci_dev name:virtio-blk-pci
> 2022-07-29T07:50:01.834092Z qemu-4.1: nvqs:2,pci_dev name:virtio-net-pci
> 2022-07-29T07:50:01.834207Z qemu-4.1: Error binding guest notifier: 11
> 2022-07-29T07:50:01.834218Z qemu-4.1: unable to start vhost net: 11: falling
> back on userspace virtio
> 2022-07-29T07:50:01.865367Z qemu-4.1: nvqs:1,pci_dev name:virtio-blk-pci
> 2022-07-29T07:50:01.865506Z qemu-4.1: virtio-blk failed to set guest notifier
> (-11), ensure -accel kvm is set.
> 2022-07-29T07:50:01.865518Z qemu-4.1: virtio_bus_start_ioeventfd: failed.
> Fallback to userspace (slower).
> 2022-07-29T07:50:02.005930Z qemu-4.1: nvqs:3,pci_dev name:virtio-scsi-pci
> 2022-07-29T07:50:02.006079Z qemu-4.1: virtio-scsi: Failed to set guest
> notifiers (-11), ensure -accel kvm is set.
> 2022-07-29T07:50:02.006091Z qemu-4.1: virtio_bus_start_ioeventfd: failed.
> Fallback to userspace (slower).
> 2022-07-29T07:52:44.108820Z qemu-4.1: nvqs:1,pci_dev name:virtio-blk-pci
> 2022-07-29T07:52:52.886792Z qemu-4.1: nvqs:1,pci_dev name:virtio-blk-pci
> qemu-4.1: hw/pci/msix.c:612: msix_unset_vector_notifiers: Assertion `dev->
> msix_vector_use_notifier && dev->msix_vector_release_notifier' failed.
> 2022-07-29 07:52:53.377+0000: shutting down, reason=crashed
> 
Thanks! My question is, does this also reproduce with qemu 7.1
or is the problem new in 7.2?

> ----
>
> Subject: Re: [RESEND PATCH] virtio-pci: fix vector_irqfd leak in
> virtio_pci_set_guest_notifiers
> Date: 2022-11-30 14:59
> From: Michael S. Tsirkin
> To: 雷翔;
> 
> On Wed, Nov 30, 2022 at 01:56:11PM +0800, leixiang wrote:
> > proxy->vector_irqfd was not freed when setting the guest notifier failed.
> >
> > Signed-off-by: Lei Xiang
> > Tested-by: Zeng Chi
> > Suggested-by: Xie Ming
> 
> Thanks a lot! Fixes tag? When was the leak introduced?
> 
> > ---
> > hw/virtio/virtio-pci.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> > index c6b47a9c..4862f83b 100644
> > --- a/hw/virtio/virtio-pci.c
> > +++ b/hw/virtio/virtio-pci.c
> > @@ -1038,6 +1038,12 @@ assign_error:
> > while (--n >= 0) {
> > virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
> > }
> > +
> > + g_free(proxy->vector_irqfd);
> > + proxy->vector_irqfd = NULL;
> > +
> > return r;
> > }
> >
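Review bot: The g_free(proxy->vector_irqfd) added under assign_error runs unconditionally, but the rollback loop just above it passes !assign, so this label is reached for both the assign and the de-assign direction. Please confirm that freeing and clearing proxy->vector_irqfd is also correct when the failure happens with assign false, or guard the free with the same condition under which the array is allocated. The commit message should also state the consequence reported in this thread (the assertion in msix_unset_vector_notifiers on guest reboot) and carry a Fixes: tag naming the commit that introduced the leak.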
> > --
> 


