* [PATCH] 9pfs/xen: Fix segfault on shutdown
@ 2023-05-02 14:37 Jason Andryuk
2023-05-04 13:30 ` Michael Tokarev
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Jason Andryuk @ 2023-05-02 14:37 UTC (permalink / raw)
To: qemu-devel
Cc: Jason Andryuk, Greg Kurz, Christian Schoenebeck,
Stefano Stabellini, Anthony Perard, Paul Durrant,
open list:X86 Xen CPUs
xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
out when free is called. Do the teardown in _disconnect(). This
matches the setup done in _connect().
trace-events are also added for the XenDevOps functions.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
---
hw/9pfs/trace-events | 5 +++++
hw/9pfs/xen-9p-backend.c | 36 +++++++++++++++++++++++-------------
2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/hw/9pfs/trace-events b/hw/9pfs/trace-events
index 6c77966c0b..7b5b0b5a48 100644
--- a/hw/9pfs/trace-events
+++ b/hw/9pfs/trace-events
@@ -48,3 +48,8 @@ v9fs_readlink(uint16_t tag, uint8_t id, int32_t fid) "tag %d id %d fid %d"
v9fs_readlink_return(uint16_t tag, uint8_t id, char* target) "tag %d id %d name %s"
v9fs_setattr(uint16_t tag, uint8_t id, int32_t fid, int32_t valid, int32_t mode, int32_t uid, int32_t gid, int64_t size, int64_t atime_sec, int64_t mtime_sec) "tag %u id %u fid %d iattr={valid %d mode %d uid %d gid %d size %"PRId64" atime=%"PRId64" mtime=%"PRId64" }"
v9fs_setattr_return(uint16_t tag, uint8_t id) "tag %u id %u"
+
+xen_9pfs_alloc(char *name) "name %s"
+xen_9pfs_connect(char *name) "name %s"
+xen_9pfs_disconnect(char *name) "name %s"
+xen_9pfs_free(char *name) "name %s"
diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
index 0e266c552b..c646a0b3d1 100644
--- a/hw/9pfs/xen-9p-backend.c
+++ b/hw/9pfs/xen-9p-backend.c
@@ -25,6 +25,8 @@
#include "qemu/iov.h"
#include "fsdev/qemu-fsdev.h"
+#include "trace.h"
+
#define VERSIONS "1"
#define MAX_RINGS 8
#define MAX_RING_ORDER 9
@@ -337,6 +339,8 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
int i;
+ trace_xen_9pfs_disconnect(xendev->name);
+
for (i = 0; i < xen_9pdev->num_rings; i++) {
if (xen_9pdev->rings[i].evtchndev != NULL) {
qemu_set_fd_handler(qemu_xen_evtchn_fd(xen_9pdev->rings[i].evtchndev),
@@ -345,40 +349,42 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
xen_9pdev->rings[i].local_port);
xen_9pdev->rings[i].evtchndev = NULL;
}
- }
-}
-
-static int xen_9pfs_free(struct XenLegacyDevice *xendev)
-{
- Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
- int i;
-
- if (xen_9pdev->rings[0].evtchndev != NULL) {
- xen_9pfs_disconnect(xendev);
- }
-
- for (i = 0; i < xen_9pdev->num_rings; i++) {
if (xen_9pdev->rings[i].data != NULL) {
xen_be_unmap_grant_refs(&xen_9pdev->xendev,
xen_9pdev->rings[i].data,
xen_9pdev->rings[i].intf->ref,
(1 << xen_9pdev->rings[i].ring_order));
+ xen_9pdev->rings[i].data = NULL;
}
if (xen_9pdev->rings[i].intf != NULL) {
xen_be_unmap_grant_ref(&xen_9pdev->xendev,
xen_9pdev->rings[i].intf,
xen_9pdev->rings[i].ref);
+ xen_9pdev->rings[i].intf = NULL;
}
if (xen_9pdev->rings[i].bh != NULL) {
qemu_bh_delete(xen_9pdev->rings[i].bh);
+ xen_9pdev->rings[i].bh = NULL;
}
}
g_free(xen_9pdev->id);
+ xen_9pdev->id = NULL;
g_free(xen_9pdev->tag);
+ xen_9pdev->tag = NULL;
g_free(xen_9pdev->path);
+ xen_9pdev->path = NULL;
g_free(xen_9pdev->security_model);
+ xen_9pdev->security_model = NULL;
g_free(xen_9pdev->rings);
+ xen_9pdev->rings = NULL;
+ return;
+}
+
+static int xen_9pfs_free(struct XenLegacyDevice *xendev)
+{
+ trace_xen_9pfs_free(xendev->name);
+
return 0;
}
@@ -390,6 +396,8 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
V9fsState *s = &xen_9pdev->state;
QemuOpts *fsdev;
+ trace_xen_9pfs_connect(xendev->name);
+
if (xenstore_read_fe_int(&xen_9pdev->xendev, "num-rings",
&xen_9pdev->num_rings) == -1 ||
xen_9pdev->num_rings > MAX_RINGS || xen_9pdev->num_rings < 1) {
@@ -499,6 +507,8 @@ out:
static void xen_9pfs_alloc(struct XenLegacyDevice *xendev)
{
+ trace_xen_9pfs_alloc(xendev->name);
+
xenstore_write_be_str(xendev, "versions", VERSIONS);
xenstore_write_be_int(xendev, "max-rings", MAX_RINGS);
xenstore_write_be_int(xendev, "max-ring-page-order", MAX_RING_ORDER);
--
2.40.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] 9pfs/xen: Fix segfault on shutdown
2023-05-02 14:37 [PATCH] 9pfs/xen: Fix segfault on shutdown Jason Andryuk
@ 2023-05-04 13:30 ` Michael Tokarev
2023-05-05 10:05 ` Christian Schoenebeck
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Michael Tokarev @ 2023-05-04 13:30 UTC (permalink / raw)
To: Jason Andryuk, qemu-devel
Cc: Greg Kurz, Christian Schoenebeck, Stefano Stabellini,
Anthony Perard, Paul Durrant, open list:X86 Xen CPUs
02.05.2023 17:37, Jason Andryuk wrote:
> xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
> out when free is called. Do the teardown in _disconnect(). This
> matches the setup done in _connect().
Ping?
/mjt
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] 9pfs/xen: Fix segfault on shutdown
2023-05-02 14:37 [PATCH] 9pfs/xen: Fix segfault on shutdown Jason Andryuk
2023-05-04 13:30 ` Michael Tokarev
@ 2023-05-05 10:05 ` Christian Schoenebeck
2023-05-05 15:47 ` Jason Andryuk
2023-05-06 0:35 ` Stefano Stabellini
2023-05-11 14:37 ` Christian Schoenebeck
3 siblings, 1 reply; 6+ messages in thread
From: Christian Schoenebeck @ 2023-05-05 10:05 UTC (permalink / raw)
To: qemu-devel
Cc: Jason Andryuk, Greg Kurz, Stefano Stabellini, Anthony Perard,
Paul Durrant, open list:X86 Xen CPUs, Jason Andryuk
Hi Jason,
as this is a Xen specific change, I would like Stefano or another Xen
developer to take a look at it, just few things from my side ...
On Tuesday, May 2, 2023 4:37:22 PM CEST Jason Andryuk wrote:
> xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
Where exactly does it do that access? A backtrace or another detailed commit
log description would help.
> out when free is called. Do the teardown in _disconnect(). This
> matches the setup done in _connect().
>
> trace-events are also added for the XenDevOps functions.
>
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> ---
> hw/9pfs/trace-events | 5 +++++
> hw/9pfs/xen-9p-backend.c | 36 +++++++++++++++++++++++-------------
> 2 files changed, 28 insertions(+), 13 deletions(-)
>
> diff --git a/hw/9pfs/trace-events b/hw/9pfs/trace-events
> index 6c77966c0b..7b5b0b5a48 100644
> --- a/hw/9pfs/trace-events
> +++ b/hw/9pfs/trace-events
> @@ -48,3 +48,8 @@ v9fs_readlink(uint16_t tag, uint8_t id, int32_t fid) "tag %d id %d fid %d"
> v9fs_readlink_return(uint16_t tag, uint8_t id, char* target) "tag %d id %d name %s"
> v9fs_setattr(uint16_t tag, uint8_t id, int32_t fid, int32_t valid, int32_t mode, int32_t uid, int32_t gid, int64_t size, int64_t atime_sec, int64_t mtime_sec) "tag %u id %u fid %d iattr={valid %d mode %d uid %d gid %d size %"PRId64" atime=%"PRId64" mtime=%"PRId64" }"
> v9fs_setattr_return(uint16_t tag, uint8_t id) "tag %u id %u"
> +
Nit-picking; missing leading comment:
# xen-9p-backend.c
> +xen_9pfs_alloc(char *name) "name %s"
> +xen_9pfs_connect(char *name) "name %s"
> +xen_9pfs_disconnect(char *name) "name %s"
> +xen_9pfs_free(char *name) "name %s"
> diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
> index 0e266c552b..c646a0b3d1 100644
> --- a/hw/9pfs/xen-9p-backend.c
> +++ b/hw/9pfs/xen-9p-backend.c
> @@ -25,6 +25,8 @@
> #include "qemu/iov.h"
> #include "fsdev/qemu-fsdev.h"
>
> +#include "trace.h"
> +
> #define VERSIONS "1"
> #define MAX_RINGS 8
> #define MAX_RING_ORDER 9
> @@ -337,6 +339,8 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
> Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
> int i;
>
> + trace_xen_9pfs_disconnect(xendev->name);
> +
> for (i = 0; i < xen_9pdev->num_rings; i++) {
> if (xen_9pdev->rings[i].evtchndev != NULL) {
> qemu_set_fd_handler(qemu_xen_evtchn_fd(xen_9pdev->rings[i].evtchndev),
> @@ -345,40 +349,42 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
> xen_9pdev->rings[i].local_port);
> xen_9pdev->rings[i].evtchndev = NULL;
> }
> - }
> -}
> -
> -static int xen_9pfs_free(struct XenLegacyDevice *xendev)
> -{
> - Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
> - int i;
> -
> - if (xen_9pdev->rings[0].evtchndev != NULL) {
> - xen_9pfs_disconnect(xendev);
> - }
> -
> - for (i = 0; i < xen_9pdev->num_rings; i++) {
> if (xen_9pdev->rings[i].data != NULL) {
> xen_be_unmap_grant_refs(&xen_9pdev->xendev,
> xen_9pdev->rings[i].data,
> xen_9pdev->rings[i].intf->ref,
> (1 << xen_9pdev->rings[i].ring_order));
> + xen_9pdev->rings[i].data = NULL;
> }
> if (xen_9pdev->rings[i].intf != NULL) {
> xen_be_unmap_grant_ref(&xen_9pdev->xendev,
> xen_9pdev->rings[i].intf,
> xen_9pdev->rings[i].ref);
> + xen_9pdev->rings[i].intf = NULL;
> }
> if (xen_9pdev->rings[i].bh != NULL) {
> qemu_bh_delete(xen_9pdev->rings[i].bh);
> + xen_9pdev->rings[i].bh = NULL;
> }
> }
>
> g_free(xen_9pdev->id);
> + xen_9pdev->id = NULL;
> g_free(xen_9pdev->tag);
> + xen_9pdev->tag = NULL;
> g_free(xen_9pdev->path);
> + xen_9pdev->path = NULL;
> g_free(xen_9pdev->security_model);
> + xen_9pdev->security_model = NULL;
> g_free(xen_9pdev->rings);
> + xen_9pdev->rings = NULL;
> + return;
> +}
> +
> +static int xen_9pfs_free(struct XenLegacyDevice *xendev)
> +{
> + trace_xen_9pfs_free(xendev->name);
> +
> return 0;
> }
xen_9pfs_free() doing nothing, that doesn't look right to me. Wouldn't it make
sense to turn xen_9pfs_free() idempotent instead?
>
> @@ -390,6 +396,8 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
> V9fsState *s = &xen_9pdev->state;
> QemuOpts *fsdev;
>
> + trace_xen_9pfs_connect(xendev->name);
> +
> if (xenstore_read_fe_int(&xen_9pdev->xendev, "num-rings",
> &xen_9pdev->num_rings) == -1 ||
> xen_9pdev->num_rings > MAX_RINGS || xen_9pdev->num_rings < 1) {
> @@ -499,6 +507,8 @@ out:
>
> static void xen_9pfs_alloc(struct XenLegacyDevice *xendev)
> {
> + trace_xen_9pfs_alloc(xendev->name);
> +
> xenstore_write_be_str(xendev, "versions", VERSIONS);
> xenstore_write_be_int(xendev, "max-rings", MAX_RINGS);
> xenstore_write_be_int(xendev, "max-ring-page-order", MAX_RING_ORDER);
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] 9pfs/xen: Fix segfault on shutdown
2023-05-05 10:05 ` Christian Schoenebeck
@ 2023-05-05 15:47 ` Jason Andryuk
0 siblings, 0 replies; 6+ messages in thread
From: Jason Andryuk @ 2023-05-05 15:47 UTC (permalink / raw)
To: Christian Schoenebeck
Cc: qemu-devel, Greg Kurz, Stefano Stabellini, Anthony Perard,
Paul Durrant, open list:X86 Xen CPUs
On Fri, May 5, 2023 at 6:05 AM Christian Schoenebeck
<qemu_oss@crudebyte.com> wrote:
>
> Hi Jason,
>
> as this is a Xen specific change, I would like Stefano or another Xen
> developer to take a look at it, just few things from my side ...
>
> On Tuesday, May 2, 2023 4:37:22 PM CEST Jason Andryuk wrote:
> > xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
>
> Where exactly does it do that access? A backtrace or another detailed commit
> log description would help.
The segfault is down in the xen grant libraries during the free
callback. The call stack is roughly:
xen_pv_del_xendev(struct XenLegacyDevice *xendev)
xen_9pfs_free() (->free() callback)
xen_be_unmap_grant_refs(&xen_9pdev->xendev, ...)
qemu_xen_gnttab_unmap(xendev->gnttabdev, ...)
xengnttab_unmap(xgt, ...) <- segfault.
The device went through the "disconnect" state before free() is
called, so xen_be_disconnect() already ran which did:
if (xendev->gnttabdev) {
qemu_xen_gnttab_close(xendev->gnttabdev);
xendev->gnttabdev = NULL;
}
gnttabdev being used by xengnttab_unmap().
> > out when free is called. Do the teardown in _disconnect(). This
> > matches the setup done in _connect().
> >
> > trace-events are also added for the XenDevOps functions.
> >
> > Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> > ---
> > hw/9pfs/trace-events | 5 +++++
> > hw/9pfs/xen-9p-backend.c | 36 +++++++++++++++++++++++-------------
> > 2 files changed, 28 insertions(+), 13 deletions(-)
> >
> > diff --git a/hw/9pfs/trace-events b/hw/9pfs/trace-events
> > index 6c77966c0b..7b5b0b5a48 100644
> > --- a/hw/9pfs/trace-events
> > +++ b/hw/9pfs/trace-events
> > @@ -48,3 +48,8 @@ v9fs_readlink(uint16_t tag, uint8_t id, int32_t fid) "tag %d id %d fid %d"
> > v9fs_readlink_return(uint16_t tag, uint8_t id, char* target) "tag %d id %d name %s"
> > v9fs_setattr(uint16_t tag, uint8_t id, int32_t fid, int32_t valid, int32_t mode, int32_t uid, int32_t gid, int64_t size, int64_t atime_sec, int64_t mtime_sec) "tag %u id %u fid %d iattr={valid %d mode %d uid %d gid %d size %"PRId64" atime=%"PRId64" mtime=%"PRId64" }"
> > v9fs_setattr_return(uint16_t tag, uint8_t id) "tag %u id %u"
> > +
>
> Nit-picking; missing leading comment:
>
> # xen-9p-backend.c
Will do, thanks.
> > +xen_9pfs_alloc(char *name) "name %s"
> > +xen_9pfs_connect(char *name) "name %s"
> > +xen_9pfs_disconnect(char *name) "name %s"
> > +xen_9pfs_free(char *name) "name %s"
> > diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
> > index 0e266c552b..c646a0b3d1 100644
> > --- a/hw/9pfs/xen-9p-backend.c
> > +++ b/hw/9pfs/xen-9p-backend.c
> > @@ -25,6 +25,8 @@
> > #include "qemu/iov.h"
> > #include "fsdev/qemu-fsdev.h"
> >
> > +#include "trace.h"
> > +
> > #define VERSIONS "1"
> > #define MAX_RINGS 8
> > #define MAX_RING_ORDER 9
> > @@ -337,6 +339,8 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
> > Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
> > int i;
> >
> > + trace_xen_9pfs_disconnect(xendev->name);
> > +
> > for (i = 0; i < xen_9pdev->num_rings; i++) {
> > if (xen_9pdev->rings[i].evtchndev != NULL) {
> > qemu_set_fd_handler(qemu_xen_evtchn_fd(xen_9pdev->rings[i].evtchndev),
> > @@ -345,40 +349,42 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
> > xen_9pdev->rings[i].local_port);
> > xen_9pdev->rings[i].evtchndev = NULL;
> > }
> > - }
> > -}
> > -
> > -static int xen_9pfs_free(struct XenLegacyDevice *xendev)
> > -{
> > - Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
> > - int i;
> > -
> > - if (xen_9pdev->rings[0].evtchndev != NULL) {
> > - xen_9pfs_disconnect(xendev);
> > - }
> > -
> > - for (i = 0; i < xen_9pdev->num_rings; i++) {
> > if (xen_9pdev->rings[i].data != NULL) {
> > xen_be_unmap_grant_refs(&xen_9pdev->xendev,
> > xen_9pdev->rings[i].data,
> > xen_9pdev->rings[i].intf->ref,
> > (1 << xen_9pdev->rings[i].ring_order));
> > + xen_9pdev->rings[i].data = NULL;
> > }
> > if (xen_9pdev->rings[i].intf != NULL) {
> > xen_be_unmap_grant_ref(&xen_9pdev->xendev,
> > xen_9pdev->rings[i].intf,
> > xen_9pdev->rings[i].ref);
> > + xen_9pdev->rings[i].intf = NULL;
> > }
> > if (xen_9pdev->rings[i].bh != NULL) {
> > qemu_bh_delete(xen_9pdev->rings[i].bh);
> > + xen_9pdev->rings[i].bh = NULL;
> > }
> > }
> >
> > g_free(xen_9pdev->id);
> > + xen_9pdev->id = NULL;
> > g_free(xen_9pdev->tag);
> > + xen_9pdev->tag = NULL;
> > g_free(xen_9pdev->path);
> > + xen_9pdev->path = NULL;
> > g_free(xen_9pdev->security_model);
> > + xen_9pdev->security_model = NULL;
> > g_free(xen_9pdev->rings);
> > + xen_9pdev->rings = NULL;
> > + return;
> > +}
> > +
> > +static int xen_9pfs_free(struct XenLegacyDevice *xendev)
> > +{
> > + trace_xen_9pfs_free(xendev->name);
> > +
> > return 0;
> > }
>
> xen_9pfs_free() doing nothing, that doesn't look right to me. Wouldn't it make
> sense to turn xen_9pfs_free() idempotent instead?
The callbacks are:
.alloc = xen_9pfs_alloc,
.init = xen_9pfs_init,
.initialise = xen_9pfs_connect,
.disconnect = xen_9pfs_disconnect,
.free = xen_9pfs_free,
.initialise (connect) and .disconnect are matched operations. So
.disconnect should be cleaning up from .connect, which this patch
implements.
Also, neither xen_9pfs_alloc() nor xen_9pfs_init,() perform any
allocations, so that is why the .free callback is now empty.
Thanks for taking a look!
Regards,
Jason
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] 9pfs/xen: Fix segfault on shutdown
2023-05-02 14:37 [PATCH] 9pfs/xen: Fix segfault on shutdown Jason Andryuk
2023-05-04 13:30 ` Michael Tokarev
2023-05-05 10:05 ` Christian Schoenebeck
@ 2023-05-06 0:35 ` Stefano Stabellini
2023-05-11 14:37 ` Christian Schoenebeck
3 siblings, 0 replies; 6+ messages in thread
From: Stefano Stabellini @ 2023-05-06 0:35 UTC (permalink / raw)
To: Jason Andryuk
Cc: qemu-devel, Greg Kurz, Christian Schoenebeck, Stefano Stabellini,
Anthony Perard, Paul Durrant, open list:X86 Xen CPUs
On Tue, 2 May 2023, Jason Andryuk wrote:
> xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
> out when free is called. Do the teardown in _disconnect(). This
> matches the setup done in _connect().
>
> trace-events are also added for the XenDevOps functions.
>
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> ---
> hw/9pfs/trace-events | 5 +++++
> hw/9pfs/xen-9p-backend.c | 36 +++++++++++++++++++++++-------------
> 2 files changed, 28 insertions(+), 13 deletions(-)
>
> diff --git a/hw/9pfs/trace-events b/hw/9pfs/trace-events
> index 6c77966c0b..7b5b0b5a48 100644
> --- a/hw/9pfs/trace-events
> +++ b/hw/9pfs/trace-events
> @@ -48,3 +48,8 @@ v9fs_readlink(uint16_t tag, uint8_t id, int32_t fid) "tag %d id %d fid %d"
> v9fs_readlink_return(uint16_t tag, uint8_t id, char* target) "tag %d id %d name %s"
> v9fs_setattr(uint16_t tag, uint8_t id, int32_t fid, int32_t valid, int32_t mode, int32_t uid, int32_t gid, int64_t size, int64_t atime_sec, int64_t mtime_sec) "tag %u id %u fid %d iattr={valid %d mode %d uid %d gid %d size %"PRId64" atime=%"PRId64" mtime=%"PRId64" }"
> v9fs_setattr_return(uint16_t tag, uint8_t id) "tag %u id %u"
> +
> +xen_9pfs_alloc(char *name) "name %s"
> +xen_9pfs_connect(char *name) "name %s"
> +xen_9pfs_disconnect(char *name) "name %s"
> +xen_9pfs_free(char *name) "name %s"
> diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
> index 0e266c552b..c646a0b3d1 100644
> --- a/hw/9pfs/xen-9p-backend.c
> +++ b/hw/9pfs/xen-9p-backend.c
> @@ -25,6 +25,8 @@
> #include "qemu/iov.h"
> #include "fsdev/qemu-fsdev.h"
>
> +#include "trace.h"
> +
> #define VERSIONS "1"
> #define MAX_RINGS 8
> #define MAX_RING_ORDER 9
> @@ -337,6 +339,8 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
> Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
> int i;
>
> + trace_xen_9pfs_disconnect(xendev->name);
> +
> for (i = 0; i < xen_9pdev->num_rings; i++) {
> if (xen_9pdev->rings[i].evtchndev != NULL) {
> qemu_set_fd_handler(qemu_xen_evtchn_fd(xen_9pdev->rings[i].evtchndev),
> @@ -345,40 +349,42 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice *xendev)
> xen_9pdev->rings[i].local_port);
> xen_9pdev->rings[i].evtchndev = NULL;
> }
> - }
> -}
> -
> -static int xen_9pfs_free(struct XenLegacyDevice *xendev)
> -{
> - Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
> - int i;
> -
> - if (xen_9pdev->rings[0].evtchndev != NULL) {
> - xen_9pfs_disconnect(xendev);
> - }
> -
> - for (i = 0; i < xen_9pdev->num_rings; i++) {
> if (xen_9pdev->rings[i].data != NULL) {
> xen_be_unmap_grant_refs(&xen_9pdev->xendev,
> xen_9pdev->rings[i].data,
> xen_9pdev->rings[i].intf->ref,
> (1 << xen_9pdev->rings[i].ring_order));
> + xen_9pdev->rings[i].data = NULL;
> }
> if (xen_9pdev->rings[i].intf != NULL) {
> xen_be_unmap_grant_ref(&xen_9pdev->xendev,
> xen_9pdev->rings[i].intf,
> xen_9pdev->rings[i].ref);
> + xen_9pdev->rings[i].intf = NULL;
> }
> if (xen_9pdev->rings[i].bh != NULL) {
> qemu_bh_delete(xen_9pdev->rings[i].bh);
> + xen_9pdev->rings[i].bh = NULL;
> }
> }
>
> g_free(xen_9pdev->id);
> + xen_9pdev->id = NULL;
> g_free(xen_9pdev->tag);
> + xen_9pdev->tag = NULL;
> g_free(xen_9pdev->path);
> + xen_9pdev->path = NULL;
> g_free(xen_9pdev->security_model);
> + xen_9pdev->security_model = NULL;
> g_free(xen_9pdev->rings);
> + xen_9pdev->rings = NULL;
> + return;
NIT: this return is redudant.
Aside from that:
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
> +}
> +
> +static int xen_9pfs_free(struct XenLegacyDevice *xendev)
> +{
> + trace_xen_9pfs_free(xendev->name);
> +
> return 0;
> }
>
> @@ -390,6 +396,8 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
> V9fsState *s = &xen_9pdev->state;
> QemuOpts *fsdev;
>
> + trace_xen_9pfs_connect(xendev->name);
> +
> if (xenstore_read_fe_int(&xen_9pdev->xendev, "num-rings",
> &xen_9pdev->num_rings) == -1 ||
> xen_9pdev->num_rings > MAX_RINGS || xen_9pdev->num_rings < 1) {
> @@ -499,6 +507,8 @@ out:
>
> static void xen_9pfs_alloc(struct XenLegacyDevice *xendev)
> {
> + trace_xen_9pfs_alloc(xendev->name);
> +
> xenstore_write_be_str(xendev, "versions", VERSIONS);
> xenstore_write_be_int(xendev, "max-rings", MAX_RINGS);
> xenstore_write_be_int(xendev, "max-ring-page-order", MAX_RING_ORDER);
> --
> 2.40.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] 9pfs/xen: Fix segfault on shutdown
2023-05-02 14:37 [PATCH] 9pfs/xen: Fix segfault on shutdown Jason Andryuk
` (2 preceding siblings ...)
2023-05-06 0:35 ` Stefano Stabellini
@ 2023-05-11 14:37 ` Christian Schoenebeck
3 siblings, 0 replies; 6+ messages in thread
From: Christian Schoenebeck @ 2023-05-11 14:37 UTC (permalink / raw)
To: qemu-devel
Cc: Jason Andryuk, Greg Kurz, Stefano Stabellini, Anthony Perard,
Paul Durrant, open list:X86 Xen CPUs
On Tuesday, May 2, 2023 4:37:22 PM CEST Jason Andryuk wrote:
> xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
> out when free is called. Do the teardown in _disconnect(). This
> matches the setup done in _connect().
>
> trace-events are also added for the XenDevOps functions.
>
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> ---
> hw/9pfs/trace-events | 5 +++++
> hw/9pfs/xen-9p-backend.c | 36 +++++++++++++++++++++++-------------
> 2 files changed, 28 insertions(+), 13 deletions(-)
With aforementioned 2 minor changes, queued on 9p.next:
https://github.com/cschoenebeck/qemu/commits/9p.next
Thanks!
Best regards,
Christian Schoenebeck
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-05-11 14:37 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-02 14:37 [PATCH] 9pfs/xen: Fix segfault on shutdown Jason Andryuk
2023-05-04 13:30 ` Michael Tokarev
2023-05-05 10:05 ` Christian Schoenebeck
2023-05-05 15:47 ` Jason Andryuk
2023-05-06 0:35 ` Stefano Stabellini
2023-05-11 14:37 ` Christian Schoenebeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).