From: Paolo Bonzini
Date: Mon, 11 Jul 2016 13:29:16 +0200
Subject: Re: [Qemu-devel] [PATCH] net: cleanup before character devices
To: Jason Wang, qemu-devel@nongnu.org
Cc: Marc-André Lureau
Message-ID: <69e54b53-afa4-c0e7-73b7-8d6e74ac864e@redhat.com>
In-Reply-To: <578381B1.60807@redhat.com>

On 11/07/2016 13:23, Jason Wang wrote:
>
>
> On 2016-07-11 17:18, Paolo Bonzini wrote:
>>
>> On 11/07/2016 11:06, Jason Wang wrote:
>>>
>>> On 2016-07-08 23:27, Paolo Bonzini wrote:
>>>> Otherwise, vhost-user causes a use-after-free.
>>>>
>>>> Signed-off-by: Paolo Bonzini
>>>> ---
>>>> vl.c | 6 +++---
>>>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>>> >>>> diff --git a/vl.c b/vl.c >>>> index d0b9ff9..005162d 100644 >>>> --- a/vl.c >>>> +++ b/vl.c >>>> @@ -4327,9 +4327,6 @@ int main(int argc, char **argv, char **envp) >>>> qemu_opts_del(icount_opts); >>>> } >>>> - /* clean up network at qemu process termination */ >>>> - atexit(&net_cleanup); >>>> - >>>> if (default_net) { >>>> QemuOptsList *net =3D qemu_find_opts("net"); >>>> qemu_opts_set(net, NULL, "type", "nic", &error_abort); >>>> @@ -4596,6 +4593,9 @@ int main(int argc, char **argv, char **envp) >>>> #ifdef CONFIG_TPM >>>> tpm_cleanup(); >>>> #endif >>>> + >>>> + /* vhost-user must be cleaned up before chardevs. */ >>>> + net_cleanup(); >>>> qemu_chr_cleanup(); >>>> return 0;
>>> Patch does not seem to be applied on master. Which tree is this patch
>>> based?
>> It's applied on top of Marc-André's character device cleanup series.
>
> Ok, but looks like the issue we tried to solve with commit
> f30dbae63a46f23116715dff8d130c7d01ff02be will appear again?

You're right. :/

Marc-André, I think a possible solution is this:

1) add a Notifier to struct TAPState and register it with
qemu_add_exit_notifier. The notifier, when called, invokes the down_script.

2) in tap_cleanup, invoke the down_script and unregister the notifier
with qemu_remove_exit_notifier.

Can you implement this?

Paolo
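
Review bot: in the first hunk (@@ -4327), dropping atexit(&net_cleanup) leaves the call added before qemu_chr_cleanup() as the only caller visible in this patch, and that call is reached only when main() runs to its final return 0. Any path that ends the process through exit() now skips network cleanup, which is the regression raised in the reply about commit f30dbae63a46f23116715dff8d130c7d01ff02be. Suggest keeping an exit-time hook for the work that must happen on every termination, as the exit-notifier proposal in this message does.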
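
Review bot: in the second hunk (@@ -4596), the new comment above net_cleanup() states the ordering rule but not the consequence of breaking it. The commit message names that consequence (a use-after-free with vhost-user), so the comment could say that calling qemu_chr_cleanup() first is a use-after-free, which makes the constraint harder to undo in a later reshuffle of this shutdown sequence.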
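
The two-step proposal above (an exit notifier that runs the down script, plus unregistration in the cleanup path), as an added example that is not part of the original message and is not QEMU code. It is a self-contained C model: `ExitNotifier`, `TapModel`, `tap_cleanup_model` and `down_runs_for` are hypothetical names, and a counter stands in for running the down script.

```c
#include <stdlib.h>

/* Model of an exit-notifier list; all names here are hypothetical. */
typedef struct ExitNotifier ExitNotifier;
struct ExitNotifier { void (*notify)(ExitNotifier *n); ExitNotifier *prev, *next; };
static ExitNotifier exit_list = { NULL, &exit_list, &exit_list };

static void add_exit_notifier(ExitNotifier *n) {
    n->next = exit_list.next; n->prev = &exit_list;
    exit_list.next->prev = n; exit_list.next = n;
}
static void remove_exit_notifier(ExitNotifier *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
}
static void run_exit_notifiers(void) {   /* what an exit() path would trigger */
    for (ExitNotifier *n = exit_list.next, *nx = n->next;
         n != &exit_list; n = nx, nx = n->next)
        n->notify(n);
}
int exit_list_is_empty(void) { return exit_list.next == &exit_list; }

typedef struct TapModel {
    ExitNotifier exit;   /* step 1: notifier embedded in the tap state */
    int *down_runs;      /* counter standing in for the down script */
} TapModel;

static void tap_exit_notify(ExitNotifier *n) {
    (*((TapModel *)n)->down_runs)++;     /* valid: exit is the first member */
}
static TapModel *tap_new(int *down_runs) {
    TapModel *t = calloc(1, sizeof(*t));
    if (!t) abort();
    t->down_runs = down_runs;
    t->exit.notify = tap_exit_notify;
    add_exit_notifier(&t->exit);
    return t;
}
static void tap_cleanup_model(TapModel *t) {   /* step 2 */
    (*t->down_runs)++;
    remove_exit_notifier(&t->exit);  /* before free(): no dangling list entry */
    free(t);
}

/* Down-script runs for one tap, with or without explicit cleanup before exit. */
int down_runs_for(int explicit_cleanup) {
    int runs = 0;
    TapModel *t = tap_new(&runs);
    if (explicit_cleanup) tap_cleanup_model(t);
    run_exit_notifiers();
    if (!explicit_cleanup) { remove_exit_notifier(&t->exit); free(t); }
    return runs;
}
int main(void) { return !(down_runs_for(1) == 1 && down_runs_for(0) == 1); }
```

Without the `remove_exit_notifier` call in `tap_cleanup_model`, the list would keep a pointer into freed memory and the later notifier pass would dereference it, the same class of bug the patch set out to fix.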