From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:39137)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1TinHj-0004XV-Bw
	for qemu-devel@nongnu.org; Wed, 12 Dec 2012 09:27:50 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1TinHY-0006BP-0z
	for qemu-devel@nongnu.org; Wed, 12 Dec 2012 09:27:43 -0500
Received: from mx1.redhat.com ([209.132.183.28]:2643)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1TinHX-0006BD-QZ
	for qemu-devel@nongnu.org; Wed, 12 Dec 2012 09:27:31 -0500
Date: Wed, 12 Dec 2012 16:30:38 +0200
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20121212143038.GD15555@redhat.com>
References: <20121212105101.GA6461@redhat.com>
	<20121212135050.GC16270@stefanha-thinkpad.redhat.com>
	<50C88E53.4080200@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <50C88E53.4080200@redhat.com>
Subject: Re: [Qemu-devel] [PATCHv2] virtio: verify that all outstanding
 buffers are flushed
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>, Stefan Hajnoczi <stefanha@gmail.com>, Rusty Russell <rusty@rustcorp.com.au>, qemu-devel@nongnu.org, Avi Kivity <avi@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>

On Wed, Dec 12, 2012 at 03:01:55PM +0100, Paolo Bonzini wrote:
> Il 12/12/2012 14:50, Stefan Hajnoczi ha scritto:
> > VirtIOBlock->rq can trigger the assertion.
> > 
> > IIUC hw/virtio-blk.c may handle I/O errors by keeping the request
> > pending and on a list (->rq).  This allows the user to restart them
> > after, for example, adding more space to the host file system containing
> > the disk image file.
> > 
> > We keep a list of failed requests and we migrate this list.  So I think
> > inuse != 0 when migrating with pending failed I/O requests.
> 
> Same for virtio-scsi.  Each request in that case is sent as part of the
> SCSIDevice that it refers to, via callbacks in SCSIBusInfo.
> 
> Paolo

Looks like this will leak ring entries.

All I see is: virtio_scsi_load calling virtio_load.
When the loading side will get last avail index it
will assume all requests up to that value have
completed, so it will never put the missing heads
in the used ring.

And it is at this point too late for
the source to change the used ring as guest memory
has migrated.

-- 
MST