qemu-devel.nongnu.org archive mirror
* [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
@ 2023-09-13 12:34 Eugenio Pérez
  2023-09-14  3:23 ` Jason Wang
  2023-09-15  6:36 ` Si-Wei Liu
  0 siblings, 2 replies; 4+ messages in thread
From: Eugenio Pérez @ 2023-09-13 12:34 UTC
  To: qemu-devel
  Cc: Lei Yang, Shannon Nelson, Michael S. Tsirkin, Zhu Lingshan, yama,
	Hawkins Jiawei, Cindy Lu, Jason Wang, qemu-stable, Dragos Tatulea,
	si-wei.liu, Laurent Vivier

Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
net device restart.

This is caused because CVQ tries to reuse the iova_tree that is present
in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
As a consequence, it tries to access an iova_tree that has already been
freed.

Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
Reported-by: Yanhui Ma <yama@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
 net/vhost-vdpa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 34202ca009..1714ff4b11 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
     dev = s->vhost_vdpa.dev;
     if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
         g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
+    } else {
+        s->vhost_vdpa.iova_tree = NULL;
     }
 }
 
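Review bot: The new else branch (`s->vhost_vdpa.iova_tree = NULL;`) drops a pointer this device never frees, and nothing in the hunk says why that is safe. Please add a short comment above the `if` stating that the tree is shared and is freed only by the device for which `dev->vq_index + dev->nvqs == dev->vq_index_end` holds, so the plain assignment is not later mistaken for a leak or replaced with a second `vhost_iova_tree_delete` call. The clear also happens only when each device's own stop runs, so a device that is not stopped keeps the old value after the tree is freed; the commit message could note that the fix relies on every device passing through vhost_vdpa_net_client_stop before the restart.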
-- 
2.39.3
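
Added example, not part of the original patch and not QEMU code: a small C model of the stop/restart sequence the commit message describes, showing why a device that does not free the shared tree must still clear its own pointer. All names (Tree, Dev, dev_stop, restart_picks_freed_tree, cancel_cycle_reuses_freed) are hypothetical, and a static pool stands in for heap allocation so the "freed" state can be checked without touching freed memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model, not QEMU code. Every name here is hypothetical. */
typedef struct Tree { bool live; } Tree;
typedef struct Dev { Tree *iova_tree; bool is_last; } Dev;

static Tree *tree_new(void)
{
    static Tree pool[8];   /* static storage: reading .live is always defined */
    static size_t next;
    Tree *t = &pool[next++ % 8];
    t->live = true;
    return t;
}

/* Stop one device: only the last device frees the shared tree. */
static void dev_stop(Dev *d, bool with_fix)
{
    if (d->is_last) {
        d->iova_tree->live = false;   /* stands in for freeing the tree */
        d->iova_tree = NULL;
    } else if (with_fix) {
        d->iova_tree = NULL;          /* what the patch's else branch does */
    }
}

/* Restart: reuse the first device's tree if set, else allocate a new one.
 * Returns true when the tree picked up had already been freed. */
static bool restart_picks_freed_tree(Dev *devs, size_t n)
{
    Tree *t = devs[0].iova_tree ? devs[0].iova_tree : tree_new();
    for (size_t i = 0; i < n; i++) { devs[i].iova_tree = t; }
    return !t->live;
}

/* One start, stop (migration cancelled), restart cycle over three devices. */
bool cancel_cycle_reuses_freed(bool with_fix)
{
    Dev devs[3] = { { NULL, false }, { NULL, false }, { NULL, true } };
    Tree *t = tree_new();
    for (size_t i = 0; i < 3; i++) { devs[i].iova_tree = t; }
    for (size_t i = 0; i < 3; i++) { dev_stop(&devs[i], with_fix); }
    return restart_picks_freed_tree(devs, 3);
}

int main(void)
{
    printf("freed tree reused: without fix %d, with fix %d\n",
           cancel_cycle_reuses_freed(false), cancel_cycle_reuses_freed(true));
}
```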




* Re: [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
  2023-09-13 12:34 [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup Eugenio Pérez
@ 2023-09-14  3:23 ` Jason Wang
  2023-09-14 11:03   ` Lei Yang
  2023-09-15  6:36 ` Si-Wei Liu
  1 sibling, 1 reply; 4+ messages in thread
From: Jason Wang @ 2023-09-14  3:23 UTC
  To: Eugenio Pérez
  Cc: qemu-devel, Lei Yang, Shannon Nelson, Michael S. Tsirkin,
	Zhu Lingshan, yama, Hawkins Jiawei, Cindy Lu, qemu-stable,
	Dragos Tatulea, si-wei.liu, Laurent Vivier

On Wed, Sep 13, 2023 at 8:34 PM Eugenio Pérez <eperezma@redhat.com> wrote:
>
> Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
> net device restart.
>
> This is caused because CVQ tries to reuse the iova_tree that is present
> in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
> As a consequence, it tries to access an iova_tree that has already been
> freed.
>
> Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
> Reported-by: Yanhui Ma <yama@redhat.com>
> Signed-off-by: Eugenio Pérez <eperezma@redhat.com>

Acked-by: Jason Wang <jasowang@redhat.com>

Thanks

> ---
>  net/vhost-vdpa.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> index 34202ca009..1714ff4b11 100644
> --- a/net/vhost-vdpa.c
> +++ b/net/vhost-vdpa.c
> @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
>      dev = s->vhost_vdpa.dev;
>      if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
>          g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
> +    } else {
> +        s->vhost_vdpa.iova_tree = NULL;
>      }
>  }
>
> --
> 2.39.3
>




* Re: [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
  2023-09-14  3:23 ` Jason Wang
@ 2023-09-14 11:03   ` Lei Yang
  0 siblings, 0 replies; 4+ messages in thread
From: Lei Yang @ 2023-09-14 11:03 UTC
  To: Eugenio Pérez
  Cc: qemu-devel, Shannon Nelson, Michael S. Tsirkin, Zhu Lingshan,
	yama, Hawkins Jiawei, Cindy Lu, qemu-stable, Dragos Tatulea,
	si-wei.liu, Laurent Vivier, Jason Wang

QE tested this patch with a real NIC; the guest works well after
cancelling migration.

Tested-by: Lei Yang <leiyang@redhat.com>

On Thu, Sep 14, 2023 at 11:23 AM Jason Wang <jasowang@redhat.com> wrote:
>
> On Wed, Sep 13, 2023 at 8:34 PM Eugenio Pérez <eperezma@redhat.com> wrote:
> >
> > Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
> > net device restart.
> >
> > This is caused because CVQ tries to reuse the iova_tree that is present
> > in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
> > As a consequence, it tries to access an iova_tree that has already been
> > freed.
> >
> > Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
> > Reported-by: Yanhui Ma <yama@redhat.com>
> > Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
>
> Acked-by: Jason Wang <jasowang@redhat.com>
>
> Thanks
>
> > ---
> >  net/vhost-vdpa.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> > index 34202ca009..1714ff4b11 100644
> > --- a/net/vhost-vdpa.c
> > +++ b/net/vhost-vdpa.c
> > @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
> >      dev = s->vhost_vdpa.dev;
> >      if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
> >          g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
> > +    } else {
> > +        s->vhost_vdpa.iova_tree = NULL;
> >      }
> >  }
> >
> > --
> > 2.39.3
> >
>




* Re: [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
  2023-09-13 12:34 [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup Eugenio Pérez
  2023-09-14  3:23 ` Jason Wang
@ 2023-09-15  6:36 ` Si-Wei Liu
  1 sibling, 0 replies; 4+ messages in thread
From: Si-Wei Liu @ 2023-09-15  6:36 UTC
  To: Eugenio Pérez, qemu-devel
  Cc: Lei Yang, Shannon Nelson, Michael S. Tsirkin, Zhu Lingshan, yama,
	Hawkins Jiawei, Cindy Lu, Jason Wang, qemu-stable, Dragos Tatulea,
	Laurent Vivier



On 9/13/2023 5:34 AM, Eugenio Pérez wrote:
> Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
> net device restart.
>
> This is caused because CVQ tries to reuse the iova_tree that is present
> in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
> As a consequence, it tries to access an iova_tree that has already been
> freed.
>
> Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
> Reported-by: Yanhui Ma <yama@redhat.com>
> Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
> ---
>   net/vhost-vdpa.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> index 34202ca009..1714ff4b11 100644
> --- a/net/vhost-vdpa.c
> +++ b/net/vhost-vdpa.c
> @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
>       dev = s->vhost_vdpa.dev;
>       if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
>           g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
> +    } else {
> +        s->vhost_vdpa.iova_tree = NULL;
>       }
>   }
>   



