From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=57741 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PBN6V-0007b2-A5
	for qemu-devel@nongnu.org; Thu, 28 Oct 2010 03:40:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jasowang@redhat.com>) id 1PBN6U-0007Fz-1B
	for qemu-devel@nongnu.org; Thu, 28 Oct 2010 03:40:55 -0400
Received: from mx1.redhat.com ([209.132.183.28]:48428)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jasowang@redhat.com>) id 1PBN6T-0007Fl-RE
	for qemu-devel@nongnu.org; Thu, 28 Oct 2010 03:40:53 -0400
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o9S7epEl014763
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Thu, 28 Oct 2010 03:40:51 -0400
From: Jason Wang <jasowang@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <19657.10495.746314.421330@gargle.gargle.HOWL>
Date: Thu, 28 Oct 2010 15:40:47 +0800
In-Reply-To: <20101027180343.GA27426@redhat.com>
References: <20101027180343.GA27426@redhat.com>
Subject: [Qemu-devel] [PATCH] tap: clear vhost_net backend on cleanup
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>, qemu-devel@nongnu.org

Michael S. Tsirkin writes:
 > Frontends calling tap_get_vhost_net get an invalid pointer after the
 > peer backend has been deleted. Jason Wang <jasowang@redhat.com> reports
 > this leading to a crash in ack_features when we remove the vhost-net
 > bakend of a virtio nic.
 > 
 > The fix is simply to clear the backend pointer.
 > 
 > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 > ---
 > 
 > Jason, could you please confirm whether this patch
 > will fix the issue you have observed?
 > 
 > Thanks,
 > 

Yes it does, and how about also add assign fd to -1 in tap_cleanup()
and then check it in virtio_net_set_features() otherwise we could get
warning of the failure of offload setting?

 >  net/tap.c |    1 +
 >  1 files changed, 1 insertions(+), 0 deletions(-)
 > 
 > diff --git a/net/tap.c b/net/tap.c
 > index 0147dab..4cfa538 100644
 > --- a/net/tap.c
 > +++ b/net/tap.c
 > @@ -258,6 +258,7 @@ static void tap_cleanup(VLANClientState *nc)
 >  
 >      if (s->vhost_net) {
 >          vhost_net_cleanup(s->vhost_net);
 > +        s->vhost_net = NULL;
 >      }
 >  
 >      qemu_purge_queued_packets(nc);
 > -- 
 > 1.7.3.2.91.g446ac