From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Li Feng <fengli@smartx.com>
Cc: "Li Feng" <lifeng1519@gmail.com>, "Kyle Zhang" <kyle@smartx.com>,
"Marc-André Lureau" <marcandre.lureau@gmail.com>,
"open list:All patches CC here" <qemu-devel@nongnu.org>,
"Dima Stepanov" <dimastep@yandex-team.ru>
Subject: Re: [PATCH v3 1/2] io/channel: fix crash when qio_channel_readv_all return 0
Date: Mon, 11 May 2020 11:02:57 +0100 [thread overview]
Message-ID: <20200511100257.GG1135885@redhat.com> (raw)
In-Reply-To: <CAHckoCxh5USw8bqWyn-mc6fEemnu_EEn+NWSLjG-PbuWAaAB7w@mail.gmail.com>
On Fri, May 08, 2020 at 08:42:22PM +0800, Li Feng wrote:
> Marc-André Lureau <marcandre.lureau@gmail.com> 于2020年5月8日周五 下午8:32写道:
> >
> > Hi
> >
> > On Fri, May 8, 2020 at 7:14 AM Li Feng <fengli@smartx.com> wrote:
> > >
> > > Root cause:
> > > From `man recvmsg`, the RETURN VALUE says:
> > > These calls return the number of bytes received, or -1 if an error occurred.
> > > In the event of an error, errno is set to indicate the error.
> > > The return value will be 0 when the peer has performed an orderly shutdown.
> > >
> > > When an error happens, the socket will be closed, and recvmsg return 0,
> > > then error_setg will trigger a crash.
> > >
> > > This unit test could reproduce this issue:
> > > tests/test-char -p /char/socket/client/reconnect-error/unix
> >
> > Current master doesn't trigger the backtrace, it's only after your patch 2.
> Yes. However, the issue did exist in the master code base.
> The test case in patch 2 revealed this issue.
>
> >
> > >
> > > The core file backtrace is :
> > >
> > > (gdb) bt
> > > #0 0x00007ffff5ac3277 in raise () from /lib64/libc.so.6
> > > #1 0x00007ffff5ac4968 in abort () from /lib64/libc.so.6
> > > #2 0x00005555555aaa94 in error_handle_fatal (errp=<optimized out>, err=0x7fffec0012d0) at util/error.c:40
> > > #3 0x00005555555aab6d in error_setv (errp=0x555555802a08 <error_abort>, src=0x5555555c4280 "io/channel.c", line=148,
> > > func=0x5555555c4580 <__func__.17489> "qio_channel_readv_all", err_class=ERROR_CLASS_GENERIC_ERROR,
> > > fmt=<optimized out>, ap=0x7ffff423bae0, suffix=0x0) at util/error.c:73
> > > #4 0x00005555555aacf0 in error_setg_internal (errp=errp@entry=0x555555802a08 <error_abort>,
> > > src=src@entry=0x5555555c4280 "io/channel.c", line=line@entry=148,
> > > func=func@entry=0x5555555c4580 <__func__.17489> "qio_channel_readv_all",
> > > fmt=fmt@entry=0x5555555c43a0 "Unexpected end-of-file before all bytes were read") at util/error.c:97
> > > #5 0x000055555556c25c in qio_channel_readv_all (ioc=<optimized out>, iov=<optimized out>, niov=<optimized out>,
> > > errp=0x555555802a08 <error_abort>) at io/channel.c:147
> > > #6 0x000055555556c29a in qio_channel_read_all (ioc=<optimized out>, buf=<optimized out>, buflen=<optimized out>,
> > > errp=<optimized out>) at io/channel.c:247
> > > #7 0x000055555556ad22 in char_socket_ping_pong (ioc=0x7fffec0008c0) at tests/test-char.c:732
> > > #8 0x000055555556ae12 in char_socket_client_server_thread (data=data@entry=0x55555582e350) at tests/test-char.c:891
> > > #9 0x00005555555a95b6 in qemu_thread_start (args=<optimized out>) at util/qemu-thread-posix.c:519
> > > #10 0x00007ffff5e61e25 in start_thread () from /lib64/libpthread.so.0
> > > #11 0x00007ffff5b8bbad in clone () from /lib64/libc.so.6
> > >
> > > Signed-off-by: Li Feng <fengli@smartx.com>
> > > ---
> > > io/channel.c | 2 --
> > > 1 file changed, 2 deletions(-)
> > >
> > > diff --git a/io/channel.c b/io/channel.c
> > > index e4376eb0bc..1a4a505f01 100644
> > > --- a/io/channel.c
> > > +++ b/io/channel.c
> > > @@ -144,8 +144,6 @@ int qio_channel_readv_all(QIOChannel *ioc,
> > >
> > > if (ret == 0) {
> > > ret = -1;
> > > - error_setg(errp,
> > > - "Unexpected end-of-file before all bytes were read");
> >
> > Nack, this code is fine.
> >
> > The problem is that the test case doesn't expect a disconnect in
> > char_socket_ping_pong().
> Yes, in the test case I try to inject an error in char_socket_ping_pong.
> Any concerns about these two patches?
I agree with Marc-André - this patch is wrong. qio_channel_readv_all
*MUST* always set 'errp' if the return value is -1. To not set 'errp'
is violating the calling convention.
The bug here is in your test case - it is passing '&error_abort' to the
'qio_channel_readv_all' call. If you don't want the test to crash, then
don't pass &error_abort
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2020-05-11 10:04 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-15 3:28 [PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev Li Feng
2020-04-15 3:28 ` [PATCH 1/4] vhost-user-blk: delay vhost_user_blk_disconnect Li Feng
2020-04-14 1:24 ` Raphael Norwitz
2020-04-20 11:18 ` Li Feng
2020-04-15 3:28 ` [PATCH 2/4] vhost-user-blk: fix invalid memory access Li Feng
2020-04-14 1:44 ` Raphael Norwitz
2020-04-15 3:28 ` [PATCH 3/4] char-socket: avoid double call tcp_chr_free_connection Li Feng
2020-04-15 10:35 ` Marc-André Lureau
2020-04-20 3:10 ` Li Feng
2020-04-20 14:28 ` Marc-André Lureau
2020-04-28 8:51 ` [PATCH v2] char-socket: initialize reconnect timer only when the timer doesn't start Li Feng
[not found] ` <20200508051441.8143-1-fengli@smartx.com>
2020-05-08 5:14 ` [PATCH v3 1/2] io/channel: fix crash when qio_channel_readv_all return 0 Li Feng
2020-05-08 12:32 ` Marc-André Lureau
2020-05-08 12:42 ` Li Feng
2020-05-11 10:02 ` Daniel P. Berrangé [this message]
2020-05-11 12:09 ` Li Feng
2020-05-08 5:14 ` [PATCH v3 2/2] char-socket: initialize reconnect timer only when the timer doesn't start Li Feng
2020-05-08 11:00 ` Marc-André Lureau
2020-05-08 12:16 ` Li Feng
2020-05-08 12:28 ` Marc-André Lureau
2020-05-08 12:31 ` Li Feng
2020-05-11 12:39 ` [PATCH v4] " Li Feng
2020-05-21 15:15 ` Paolo Bonzini
2020-04-28 8:54 ` [PATCH v2] " Li Feng
2020-04-28 8:59 ` Li Feng
2020-04-28 11:05 ` Marc-André Lureau
2020-04-28 14:09 ` Feng Li
2020-04-15 3:28 ` [PATCH 4/4] vhost-user-blk: fix crash in realize process Li Feng
2020-04-14 1:54 ` Raphael Norwitz
[not found] ` <CAHckoCwsLwqNhVHK4PF+pzt5ExkurPNsWLw7ueRG8dfOUA2rXg@mail.gmail.com>
2020-04-17 10:07 ` Fwd: " Li Feng
2020-04-17 9:45 ` [PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev Michael S. Tsirkin
2020-04-17 10:11 ` Li Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200511100257.GG1135885@redhat.com \
--to=berrange@redhat.com \
--cc=dimastep@yandex-team.ru \
--cc=fengli@smartx.com \
--cc=kyle@smartx.com \
--cc=lifeng1519@gmail.com \
--cc=marcandre.lureau@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).