From: "Michael S. Tsirkin" <mst@redhat.com>
To: Ani Sinha <anisinha@redhat.com>
Cc: "Cédric Le Goater" <clg@redhat.com>,
qemu-devel@nongnu.org, "Peter Maydell" <peter.maydell@linaro.org>,
"Laurent Vivier" <lvivier@redhat.com>,
"Jason Wang" <jasowang@redhat.com>
Subject: Re: [PULL 52/53] vhost_net: add an assertion for TAP client backends
Date: Wed, 28 Jun 2023 06:50:47 -0400 [thread overview]
Message-ID: <20230628064927-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <2704D32C-D09E-4324-A8CB-744F5E5B47CD@redhat.com>
On Wed, Jun 28, 2023 at 04:03:44PM +0530, Ani Sinha wrote:
>
>
> > On 28-Jun-2023, at 1:00 PM, Cédric Le Goater <clg@redhat.com> wrote:
> >
> > On 6/28/23 08:45, Ani Sinha wrote:
> >>> On 28-Jun-2023, at 11:58 AM, Cédric Le Goater <clg@redhat.com> wrote:
> >>>
> >>> Hello,
> >>>
> >>> On 6/26/23 14:30, Michael S. Tsirkin wrote:
> >>>> From: Ani Sinha <anisinha@redhat.com>
> >>>> An assertion was missing for tap vhost backends that enforces a non-null
> >>>> reference from get_vhost_net(). Both vhost-net-user and vhost-net-vdpa
> >>>> enforces this. Enforce the same for tap. Unit tests pass with this change.
> >>>> Signed-off-by: Ani Sinha <anisinha@redhat.com>
> >>>> Message-Id: <20230619041501.111655-1-anisinha@redhat.com>
> >>>> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> >>>> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> >>>> Reviewed-by: Laurent Vivier <lvivier@redhat.com>
> >>>> ---
> >>>> hw/net/vhost_net.c | 1 +
> >>>> 1 file changed, 1 insertion(+)
> >>>> diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> >>>> index c4eecc6f36..6db23ca323 100644
> >>>> --- a/hw/net/vhost_net.c
> >>>> +++ b/hw/net/vhost_net.c
> >>>> @@ -507,6 +507,7 @@ VHostNetState *get_vhost_net(NetClientState *nc)
> >>>> switch (nc->info->type) {
> >>>> case NET_CLIENT_DRIVER_TAP:
> >>>> vhost_net = tap_get_vhost_net(nc);
> >>>> + assert(vhost_net);
> >>>> break;
> >>>> #ifdef CONFIG_VHOST_NET_USER
> >>>> case NET_CLIENT_DRIVER_VHOST_USER:
> >>>
> >>> A system of mine without vhost_net (old host kernel) is reaching this assert
> >> We need to understand why this assertion is being hit. It could be a bug somewhere else.
> >
> > sure.
> >
> >> What is the backtrace?
> >
> >
> > #0 __pthread_kill_implementation (threadid=549621125152, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
> > #1 0x0000007ff71df254 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
> > #2 0x0000007ff719a67c in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
> > #3 0x0000007ff7187130 in __GI_abort () at ./stdlib/abort.c:79
> > #4 0x0000007ff7193fd0 in __assert_fail_base
> > (fmt=0x7ff72ad3f8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5556208c00 "vhost_net", file=file@entry=0x5556208ae0 "../hw/net/vhost_net.c", line=line@entry=510, function=function@entry=0x5556208de8 <__PRETTY_FUNCTION__.2> "get_vhost_net") at ./assert/assert.c:92
> > #5 0x0000007ff7194040 in __GI___assert_fail
> > (assertion=assertion@entry=0x5556208c00 "vhost_net", file=file@entry=0x5556208ae0 "../hw/net/vhost_net.c", line=line@entry=510, function=function@entry=0x5556208de8 <__PRETTY_FUNCTION__.2> "get_vhost_net") at ./assert/assert.c:101
> > #6 0x0000005555a767ac in get_vhost_net (nc=<optimized out>) at ../hw/net/vhost_net.c:510
> > #7 0x0000005555e6aea8 in virtio_net_get_features (vdev=0x55578cc770, features=1105849221095, errp=<optimized out>) at ../hw/net/virtio-net.c:807
> > #8 0x0000005555b69da4 in virtio_bus_device_plugged (vdev=vdev@entry=0x55578cc770, errp=errp@entry=0x7fffffe640) at ../hw/virtio/virtio-bus.c:66
> > #9 0x0000005555e8b6a0 in virtio_device_realize (dev=0x55578cc770, errp=0x7fffffe6c0) at ../hw/virtio/virtio.c:3609
> > #10 0x0000005555f1ead8 in device_set_realized (obj=0x55578cc770, value=<optimized out>, errp=0x7fffffe898) at ../hw/core/qdev.c:510
> > #11 0x0000005555f22a14 in property_set_bool (obj=0x55578cc770, v=<optimized out>, name=<optimized out>, opaque=0x5556be9ad0, errp=0x7fffffe898) at ../qom/object.c:2285
> > #12 0x0000005555f260fc in object_property_set (obj=obj@entry=0x55578cc770, name=name@entry=0x555621c280 "realized", v=v@entry=0x55578d9310, errp=errp@entry=0x7fffffe898)
> > at ../qom/object.c:1420
> > #13 0x0000005555f2a85c in object_property_set_qobject
> > (obj=obj@entry=0x55578cc770, name=name@entry=0x555621c280 "realized", value=value@entry=0x55578d9250, errp=errp@entry=0x7fffffe898) at ../qom/qom-qobject.c:28
> > #14 0x0000005555f26820 in object_property_set_bool (obj=0x55578cc770, name=0x555621c280 "realized", value=<optimized out>, errp=0x7fffffe898) at ../qom/object.c:1489
> > #15 0x0000005555aafd24 in pci_qdev_realize (qdev=<optimized out>, errp=<optimized out>) at ../hw/pci/pci.c:2116
> > #16 0x0000005555f1ead8 in device_set_realized (obj=0x55578c43a0, value=<optimized out>, errp=0x7fffffeae8) at ../hw/core/qdev.c:510
> > #17 0x0000005555f22a14 in property_set_bool (obj=0x55578c43a0, v=<optimized out>, name=<optimized out>, opaque=0x5556be9ad0, errp=0x7fffffeae8) at ../qom/object.c:2285
> > #18 0x0000005555f260fc in object_property_set (obj=obj@entry=0x55578c43a0, name=name@entry=0x555621c280 "realized", v=v@entry=0x55578d34c0, errp=errp@entry=0x7fffffeae8)
> > at ../qom/object.c:1420
> > #19 0x0000005555f2a85c in object_property_set_qobject
> > (obj=obj@entry=0x55578c43a0, name=name@entry=0x555621c280 "realized", value=value@entry=0x55578d3450, errp=errp@entry=0x7fffffeae8) at ../qom/qom-qobject.c:28
> > #20 0x0000005555f26820 in object_property_set_bool (obj=0x55578c43a0, name=0x555621c280 "realized", value=<optimized out>, errp=0x7fffffeae8) at ../qom/object.c:1489
> > #21 0x0000005555ba4f7c in qdev_device_add_from_qdict (opts=opts@entry=0x55578c3110, from_json=from_json@entry=false, errp=0x7fffffeae8, errp@entry=0x5556b24a28 <error_fatal>)
> > at ../softmmu/qdev-monitor.c:714
> > #22 0x0000005555ba5170 in qdev_device_add (opts=0x5556be6060, errp=errp@entry=0x5556b24a28 <error_fatal>) at ../softmmu/qdev-monitor.c:733
> > #23 0x0000005555baa09c in device_init_func (opaque=<optimized out>, opts=<optimized out>, errp=0x5556b24a28 <error_fatal>) at ../softmmu/vl.c:1152
> > #24 0x00000055560b2124 in qemu_opts_foreach
> > (list=<optimized out>, func=func@entry=0x5555baa080 <device_init_func>, opaque=opaque@entry=0x0, errp=errp@entry=0x5556b24a28 <error_fatal>) at ../util/qemu-option.c:1135
> > #25 0x0000005555bac88c in qemu_create_cli_devices () at ../softmmu/vl.c:2573
> > #26 qmp_x_exit_preconfig (errp=<optimized out>) at ../softmmu/vl.c:2641
> > #27 0x0000005555bafee4 in qmp_x_exit_preconfig (errp=<optimized out>) at ../softmmu/vl.c:2635
> > #28 qemu_init (argc=<optimized out>, argv=<optimized out>) at ../softmmu/vl.c:3648
> > #29 0x00000055558e839c in main (argc=<optimized out>, argv=<optimized out>) at ../softmmu/main.c:47
> >
> >> What is the repro case?
> >
>
> I have been able to repro this even on x86, using the following command line:
>
> ./qemu-system-x86_64 \
> -accel kvm \
> -machine pc-q35-8.0 \
> -m 8192 \
> -nodefaults \
> -boot strict=on \
> -nographic \
> -device virtio-net,netdev=net0,mac=C0:FF:EE:00:00:12,bus=pcie.0,addr=0x3 \
> -netdev tap,id=net0,helper=/usr/libexec/qemu-bridge-helper,br=virbr0,vhost=off \
> -monitor stdio \
> -qmp tcp:0:5555,server,nowait \
> -vnc :0
>
>
> > Nothing special :
> >
> > qemu-system-aarch64 -M virt -accel kvm -cpu host -nographic -m 2G \
> > -drive if=pflash,format=raw,file=./EFI/efi.img,readonly=on \
> > -drive if=pflash,format=raw,file=fedora-varstore.img \
> > -device virtio-net,netdev=net0,mac=C0:FF:EE:00:00:12,bus=pcie.0,addr=0x3 \
> > -netdev tap,id=net0,helper=/usr/lib/qemu/qemu-bridge-helper,br=virbr0,vhost=off \
> ^^^^^^^^^^^
> This is what is causing the crash. With vhost=off or without that option (and no vhostfd provided or forced) , within net_init_tap_one(), tap->vhost is False (when vhost=off) or tap->has_vhost is False (when no vhost option is provided). Thus vhost_net_init() will never be called since the following conditional evaluates to false :
>
> if (tap->has_vhost ? tap->vhost :
> vhostfdname || (tap->has_vhostforce && tap->vhostforce)) {
>
> and s->vhost_net pointer will remain NULL.
>
> The crash does not happen when passing vhost=on in the commandline.
>
> Its sad we did not have a test for it and did not catch this scenario.
>
> I will replace the assert() with a comment as to why the assert() is absent in tap network case.
>
> > -drive file=fedora-arm64.qcow2,if=none,id=disk,format=qcow2,cache=none \
> > -device virtio-blk-device,drive=disk \
> > -serial mon:stdio
> > qemu-system-aarch64: ../hw/net/vhost_net.c:510: get_vhost_net: Assertion `vhost_net' failed.
>
Thanks! Pls post quickly and I'll do a pull with just this fixup, so
people don't suffer from the regression.
--
MST
next prev parent reply other threads:[~2023-06-28 10:51 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-26 12:27 [PULL 00/53] virtio,pc,pci: fixes, features, cleanups Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 01/53] bswap: Add the ability to store to an unaligned 24 bit field Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 02/53] hw/cxl: QMP based poison injection support Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 03/53] hw/cxl: Add poison injection via the mailbox Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 04/53] hw/cxl: Add clear poison mailbox command support Michael S. Tsirkin
2024-05-03 12:45 ` Peter Maydell
2024-05-31 12:38 ` Peter Maydell
2024-05-31 16:23 ` Ira Weiny
2023-06-26 12:28 ` [PULL 05/53] hw/cxl/events: Add event status register Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 06/53] hw/cxl: Move CXLRetCode definition to cxl_device.h Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 07/53] hw/cxl/events: Wire up get/clear event mailbox commands Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 08/53] hw/cxl/events: Add event interrupt support Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 09/53] hw/cxl/events: Add injection of General Media Events Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 10/53] hw/cxl/events: Add injection of DRAM events Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 11/53] hw/cxl/events: Add injection of Memory Module Events Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 12/53] cryptodev-vhost-user: add asymmetric crypto support Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 13/53] softmmu: Introduce qemu_target_page_mask() helper Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 14/53] hw/scsi: Introduce VHOST_SCSI_COMMON symbol in Kconfig Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 15/53] hw/scsi: Rearrange meson.build Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 16/53] hw/scsi: Rename target-specific source set as 'specific_virtio_scsi_ss' Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 17/53] hw/virtio: Introduce VHOST_VSOCK_COMMON symbol in Kconfig Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 18/53] hw/virtio/virtio-mem: Use qemu_ram_get_fd() helper Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 19/53] hw/virtio/vhost-vsock: Include missing 'virtio/virtio-bus.h' header Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 20/53] hw/virtio/virtio-iommu: Use target-agnostic qemu_target_page_mask() Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 21/53] hw/virtio: Remove unnecessary 'virtio-access.h' header Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 22/53] hw/virtio: Build various target-agnostic objects just once Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 23/53] vhost: release memory_listener object in error path Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 24/53] vhost: release virtqueue objects " Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 25/53] pci: ROM preallocation for incoming migration Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 26/53] virtio-mem: Simplify bitmap handling and virtio_mem_set_block_state() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 27/53] vdpa: return errno in vhost_vdpa_get_vring_group error Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 28/53] vdpa: move CVQ isolation check to net_init_vhost_vdpa Michael S. Tsirkin
2023-06-27 11:30 ` Peter Maydell
2023-09-15 14:52 ` Peter Maydell
2023-09-15 15:56 ` Eugenio Perez Martin
2023-06-26 12:29 ` [PULL 29/53] cryptodev: fix memory leak during stats query Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 30/53] hw/acpi: Fix PM control register access Michael S. Tsirkin
2023-06-26 13:20 ` Igor Mammedov
2023-06-26 13:49 ` Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 31/53] hw/i386/pc: Default to use SMBIOS 3.0 for newer machine models Michael S. Tsirkin
2023-11-28 13:57 ` Fiona Ebner
2023-11-28 14:13 ` Daniel P. Berrangé
2023-11-28 14:53 ` Fiona Ebner
2023-11-28 16:00 ` Michael S. Tsirkin
2023-11-28 16:04 ` Daniel P. Berrangé
2023-11-29 10:01 ` Igor Mammedov
2023-11-30 11:22 ` Igor Mammedov
2023-11-30 11:47 ` Gerd Hoffmann
2023-11-30 12:45 ` Fiona Ebner
2023-12-29 15:35 ` Igor Mammedov
2023-12-29 15:45 ` Michael S. Tsirkin
2024-01-03 8:51 ` Igor Mammedov
2023-06-26 12:29 ` [PULL 32/53] tests/data/acpi: update after SMBIOS 2.0 change Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 33/53] pc: q35: Bump max_cpus to 1024 Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 34/53] vdpa: do not block migration if device has cvq and x-svq=on Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 35/53] vdpa: reorder vhost_vdpa_net_cvq_cmd_page_len function Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 36/53] vdpa: map shadow vrings with MAP_SHARED Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 37/53] include/hw/virtio: make some VirtIODevice const Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 38/53] vdpa: reuse virtio_vdev_has_feature() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 39/53] hw/net/virtio-net: make some VirtIONet const Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 40/53] virtio-net: expose virtio_net_supported_guest_offloads() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 41/53] vdpa: Add vhost_vdpa_net_load_offloads() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 42/53] vdpa: Allow VIRTIO_NET_F_CTRL_GUEST_OFFLOADS in SVQ Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 43/53] vhost: fix vhost_dev_enable_notifiers() error case Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 44/53] vdpa: mask _F_CTRL_GUEST_OFFLOADS for vhost vdpa devices Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 45/53] vdpa: fix not using CVQ buffer in case of error Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 46/53] hw/i386/pc: Clean up pc_machine_initfn Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 47/53] virtio-scsi: avoid dangling host notifier in ->ioeventfd_stop() Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 48/53] vhost-user: fully use new backend/frontend naming Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 49/53] intel_iommu: Fix a potential issue in VFIO dirty page sync Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 50/53] intel_iommu: Fix flag check in replay Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 51/53] intel_iommu: Fix address space unmap Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 52/53] vhost_net: add an assertion for TAP client backends Michael S. Tsirkin
2023-06-28 6:28 ` Cédric Le Goater
2023-06-28 6:45 ` Ani Sinha
2023-06-28 7:30 ` Cédric Le Goater
2023-06-28 10:33 ` Ani Sinha
2023-06-28 10:50 ` Michael S. Tsirkin [this message]
2023-06-26 12:30 ` [PULL 53/53] vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present Michael S. Tsirkin
2023-06-26 15:53 ` Michael Tokarev
2023-06-27 4:35 ` Ani Sinha
2023-06-26 13:51 ` [PULL 00/53] virtio,pc,pci: fixes, features, cleanups Michael S. Tsirkin
2023-06-26 15:32 ` Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230628064927-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=anisinha@redhat.com \
--cc=clg@redhat.com \
--cc=jasowang@redhat.com \
--cc=lvivier@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.