[PULL 35/53] chardev/char-socket: set s->listener = NULL in char_socket_finalize

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Yajun Wu" <yajunw@nvidia.com>, "Jiri Pirko" <jiri@nvidia.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	Yajun@redhat.com, Wu@redhat.com, &lt@redhat.com, Jiri@redhat.com,
	Pirko@redhat.com, "Paolo Bonzini" <pbonzini@redhat.com>
Subject: [PULL 35/53] chardev/char-socket: set s->listener = NULL in char_socket_finalize
Date: Thu, 2 Mar 2023 03:26:16 -0500	[thread overview]
Message-ID: <20230302082343.560446-36-mst@redhat.com> (raw)
In-Reply-To: <20230302082343.560446-1-mst@redhat.com>

From: Yajun Wu <yajunw@nvidia.com>

After live migration with virtio block device, qemu crash at:

	#0  0x000055914f46f795 in object_dynamic_cast_assert (obj=0x559151b7b090, typename=0x55914f80fbc4 "qio-channel", file=0x55914f80fb90 "/images/testvfe/sw/qemu.gerrit/include/io/channel.h", line=30, func=0x55914f80fcb8 <__func__.17257> "QIO_CHANNEL") at ../qom/object.c:872
	#1  0x000055914f480d68 in QIO_CHANNEL (obj=0x559151b7b090) at /images/testvfe/sw/qemu.gerrit/include/io/channel.h:29
	#2  0x000055914f4812f8 in qio_net_listener_set_client_func_full (listener=0x559151b7a720, func=0x55914f580b97 <tcp_chr_accept>, data=0x5591519f4ea0, notify=0x0, context=0x0) at ../io/net-listener.c:166
	#3  0x000055914f580059 in tcp_chr_update_read_handler (chr=0x5591519f4ea0) at ../chardev/char-socket.c:637
	#4  0x000055914f583dca in qemu_chr_be_update_read_handlers (s=0x5591519f4ea0, context=0x0) at ../chardev/char.c:226
	#5  0x000055914f57b7c9 in qemu_chr_fe_set_handlers_full (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false, sync_state=true) at ../chardev/char-fe.c:279
	#6  0x000055914f57b86d in qemu_chr_fe_set_handlers (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false) at ../chardev/char-fe.c:304
	#7  0x000055914f378caf in vhost_user_async_close (d=0x559152bf21a0, chardev=0x559152bf23a0, vhost=0x559152bf2420, cb=0x55914f2fb8c1 <vhost_user_blk_disconnect>) at ../hw/virtio/vhost-user.c:2725
	#8  0x000055914f2fba40 in vhost_user_blk_event (opaque=0x559152bf21a0, event=CHR_EVENT_CLOSED) at ../hw/block/vhost-user-blk.c:395
	#9  0x000055914f58388c in chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:61
	#10 0x000055914f583905 in qemu_chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:81
	#11 0x000055914f581275 in char_socket_finalize (obj=0x5591519f4ea0) at ../chardev/char-socket.c:1083
	#12 0x000055914f46f073 in object_deinit (obj=0x5591519f4ea0, type=0x5591519055c0) at ../qom/object.c:680
	#13 0x000055914f46f0e5 in object_finalize (data=0x5591519f4ea0) at ../qom/object.c:694
	#14 0x000055914f46ff06 in object_unref (objptr=0x5591519f4ea0) at ../qom/object.c:1202
	#15 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b76c50, name=0x559151b7b250 "char3", opaque=0x5591519f4ea0) at ../qom/object.c:1747
	#16 0x000055914f46ee86 in object_property_del_all (obj=0x559151b76c50) at ../qom/object.c:632
	#17 0x000055914f46f0d2 in object_finalize (data=0x559151b76c50) at ../qom/object.c:693
	#18 0x000055914f46ff06 in object_unref (objptr=0x559151b76c50) at ../qom/object.c:1202
	#19 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b6b560, name=0x559151b76630 "chardevs", opaque=0x559151b76c50) at ../qom/object.c:1747
	#20 0x000055914f46ef67 in object_property_del_child (obj=0x559151b6b560, child=0x559151b76c50) at ../qom/object.c:654
	#21 0x000055914f46f042 in object_unparent (obj=0x559151b76c50) at ../qom/object.c:673
	#22 0x000055914f58632a in qemu_chr_cleanup () at ../chardev/char.c:1189
	#23 0x000055914f16c66c in qemu_cleanup () at ../softmmu/runstate.c:830
	#24 0x000055914eee7b9e in qemu_default_main () at ../softmmu/main.c:38
	#25 0x000055914eee7bcc in main (argc=86, argv=0x7ffc97cb8d88) at ../softmmu/main.c:48

In char_socket_finalize after s->listener freed, event callback function
vhost_user_blk_event will be called to handle CHR_EVENT_CLOSED.
vhost_user_blk_event is calling qio_net_listener_set_client_func_full which
is still using s->listener.

Setting s->listener = NULL after object_unref(OBJECT(s->listener)) can
solve this issue.

Signed-off-by: Yajun Wu <yajunw@nvidia.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>

Message-Id: <20230214021430.3638579-1-yajunw@nvidia.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Yajun Wu &lt;<a href="mailto:yajunw@nvidia.com" target="_blank">yajunw@nvidia.com</a>&gt;<br>
Acked-by: Jiri Pirko &lt;<a href="mailto:jiri@nvidia.com" target="_blank">jiri@nvidia.com</a>&gt;<br></blockquote><div><br></div><div>Reviewed-by: Marc-André Lureau &lt;<a href="mailto:marcandre.lureau@redhat.com">marcandre.lureau@redhat.com</a>&gt;<br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 chardev/char-socket.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index c2265436ac..8c58532171 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -1065,6 +1065,7 @@ static void char_socket_finalize(Object *obj)
         qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
                                               NULL, chr->gcontext);
         object_unref(OBJECT(s->listener));
+        s->listener = NULL;
     }
     if (s->tls_creds) {
         object_unref(OBJECT(s->tls_creds));
-- 
MST

next prev parent reply	other threads:[~2023-03-02  8:27 UTC|newest]

Thread overview: 72+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-02  8:24 [PULL 00/53] virtio,pc,pci: features, cleanups, fixes Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 01/53] hw/smbios: fix field corruption in type 4 table Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 02/53] Revert "x86: don't let decompressed kernel image clobber setup_data" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 03/53] Revert "x86: do not re-randomize RNG seed on snapshot load" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 04/53] Revert "x86: re-initialize RNG seed when selecting kernel" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 05/53] Revert "x86: reinitialize RNG seed on system reboot" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 06/53] Revert "x86: use typedef for SetupData struct" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 07/53] Revert "x86: return modified setup_data only if read as memory, not as file" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 08/53] Revert "hw/i386: pass RNG seed via setup_data entry" Michael S. Tsirkin
2023-03-02  8:24 ` [PULL 09/53] virtio-net: clear guest_announce feature if no cvq backend Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 10/53] backends/vhost-user: remove the ioeventfd check Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 11/53] vhost-user-gpio: Configure vhost_dev when connecting Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 12/53] vhost-user-i2c: Back up vqs before cleaning up vhost_dev Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 13/53] vhost-user-rng: " Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 14/53] virtio-rng-pci: fix transitional migration compat for vectors Michael S. Tsirkin
2023-03-04 20:03   ` Michael Tokarev
2023-03-05 10:25     ` Michael S. Tsirkin
2023-03-06 12:12     ` Dr. David Alan Gilbert
2023-03-02  8:25 ` [PULL 15/53] hw/timer/hpet: Fix expiration time overflow Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 16/53] docs: vhost-user: replace _SLAVE_ with _BACKEND_ Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 17/53] libvhost-user: Adopt new backend naming Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 18/53] vhost-user: " Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 19/53] vdpa: stop all svq on device deletion Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 20/53] pci/shpc: set attention led to OFF on reset Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 21/53] pci/shpc: change shpc_get_status() return type to uint8_t Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 22/53] pci/shpc: shpc_slot_command(): handle PWRONLY -> ENABLED transition Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 23/53] pci/shpc: more generic handle hot-unplug in shpc_slot_command() Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 24/53] pci/shpc: pass PCIDevice pointer to shpc_slot_command() Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 25/53] pci/shpc: refactor shpc_device_plug_common() Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 26/53] pcie: pcie_cap_slot_write_config(): use correct macro Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 27/53] pcie_regs: drop duplicated indicator value macros Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 28/53] pcie: drop unused PCIExpressIndicator Michael S. Tsirkin
2023-03-02  8:25 ` [PULL 29/53] pcie: pcie_cap_slot_enable_power() use correct helper Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 30/53] pcie: introduce pcie_sltctl_powered_off() helper Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 31/53] pcie: set power indicator to off on reset by default Michael S. Tsirkin
2023-03-02 11:34   ` Vladimir Sementsov-Ogievskiy
2023-03-02 11:42     ` Michael S. Tsirkin
2023-03-03  0:15     ` Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 32/53] vhost: avoid a potential use of an uninitialized variable in vhost_svq_poll() Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 33/53] libvhost-user: check for NULL when allocating a virtqueue element Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 34/53] hw/pci: Trace IRQ routing on PCI topology Michael S. Tsirkin
2023-03-02  8:26 ` Michael S. Tsirkin [this message]
2023-03-02 11:49   ` [PULL 35/53] chardev/char-socket: set s->listener = NULL in char_socket_finalize Michael Tokarev
2023-03-03  0:15     ` Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 36/53] memory: Optimize replay of guest mapping Michael S. Tsirkin
2023-04-04 18:00   ` Peter Maydell
2023-04-04 19:13     ` Michael S. Tsirkin
2023-04-04 20:23       ` Peter Maydell
2023-04-04 20:37         ` Peter Xu
2023-04-04 20:38         ` Michael S. Tsirkin
2023-04-06  3:46       ` Duan, Zhenzhong
2023-03-02  8:26 ` [PULL 37/53] intel-iommu: fail MAP notifier without caching mode Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 38/53] intel-iommu: fail DEVIOTLB_UNMAP without dt mode Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 39/53] memory: introduce memory_region_unmap_iommu_notifier_range() Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 40/53] smmu: switch to use memory_region_unmap_iommu_notifier_range() Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 41/53] intel-iommu: send UNMAP notifications for domain or global inv desc Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 42/53] MAINTAINERS: Add Fan Ni as Compute eXpress Link QEMU reviewer Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 43/53] hw/mem/cxl_type3: Improve error handling in realize() Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 44/53] hw/pci-bridge/cxl_downstream: Fix type naming mismatch Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 45/53] hw/cxl: set cxl-type3 device type to PCI_CLASS_MEMORY_CXL Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 46/53] hw/cxl: Add CXL_CAPACITY_MULTIPLIER definition Michael S. Tsirkin
2023-03-02  8:26 ` [PULL 47/53] tests/acpi: Allow update of q35/DSDT.cxl Michael S. Tsirkin
2023-03-02  8:27 ` [PULL 48/53] hw/i386/acpi: Drop duplicate _UID entry for CXL root bridge Michael S. Tsirkin
2023-03-02  8:27 ` [PULL 49/53] tests: acpi: Update q35/DSDT.cxl for removed duplicate UID Michael S. Tsirkin
2023-03-02  8:27 ` [PULL 50/53] qemu/bswap: Add const_le64() Michael S. Tsirkin
2023-03-02  8:27 ` [PULL 51/53] qemu/uuid: Add UUID static initializer Michael S. Tsirkin
2023-03-02  8:27 ` [PULL 52/53] hw/cxl/mailbox: Use new UUID network order define for cel_uuid Michael S. Tsirkin
2023-03-02  8:27 ` [PULL 53/53] tests/data/acpi/virt: drop (most) duplicate files Michael S. Tsirkin
2023-03-02 12:16 ` [PULL 00/53] virtio,pc,pci: features, cleanups, fixes Michael Tokarev
2023-03-02 23:23   ` Michael S. Tsirkin
2023-03-03  0:15 ` Michael S. Tsirkin
2023-03-03 17:09   ` Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c2265436a dfblob:8c5853217 )
 OR (
bs:"[PULL 35/53] chardev/char-socket: set s->listener = NULL in char_socket_finalize" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230302082343.560446-36-mst@redhat.com \
    --to=mst@redhat.com \
    --cc=&lt@redhat.com \
    --cc=Jiri@redhat.com \
    --cc=Pirko@redhat.com \
    --cc=Wu@redhat.com \
    --cc=Yajun@redhat.com \
    --cc=jiri@nvidia.com \
    --cc=marcandre.lureau@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=yajunw@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.