qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: David Woodhouse <dwmw2@infradead.org>
To: qemu-devel@nongnu.org
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
	Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	Eduardo Habkost <eduardo@habkost.net>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Anthony Perard <anthony.perard@citrix.com>,
	Paul Durrant <paul@xen.org>, Jason Wang <jasowang@redhat.com>,
	xen-devel@lists.xenproject.org
Subject: Re: [PATCH 3/4] [WTF] avoid qemu_del_nic() in xen_netdev_unrealize() on shutdown
Date: Tue, 17 Oct 2023 19:56:54 +0100	[thread overview]
Message-ID: <f64ef83452a2366aa3458dd49963cb8730a68ecd.camel@infradead.org> (raw)
In-Reply-To: <20231017182545.97973-4-dwmw2@infradead.org>

[-- Attachment #1: Type: text/plain, Size: 2624 bytes --]

On Tue, 2023-10-17 at 19:25 +0100, David Woodhouse wrote:
> From: David Woodhouse <dwmw@amazon.co.uk>
> 
> When QEMU is exiting, qemu_cleanup() calls net_cleanup(), which deletes
> the NIC from underneath the xen-net-device. When xen_netdev_unrealize()
> is later called via the xenbus exit notifier, it crashes.
> 
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> ---
>  hw/net/xen_nic.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
> index 84914c329c..8d25fb3101 100644
> --- a/hw/net/xen_nic.c
> +++ b/hw/net/xen_nic.c
> @@ -25,6 +25,8 @@
>  #include "qapi/qmp/qdict.h"
>  #include "qapi/error.h"
>  
> +#include "sysemu/runstate.h"
> +
>  #include <sys/socket.h>
>  #include <sys/ioctl.h>
>  #include <sys/wait.h>
> @@ -530,7 +532,11 @@ static void xen_netdev_unrealize(XenDevice *xendev)
>      /* Disconnect from the frontend in case this has not already happened */
>      xen_netdev_disconnect(xendev, NULL);
>  
> -    if (netdev->nic) {
> +    /*
> +     * WTF? In RUN_STATE_SHUTDOWN, qemu_cleanup()→net_cleanup() already deleted
> +     * our NIC from underneath us!
> +     */
> +    if (netdev->nic && !runstate_check(RUN_STATE_SHUTDOWN)) {
>          qemu_del_nic(netdev->nic);
>      }
>  }

I wonder if this is the better answer? There's no point deleting the
*NICs*, is there? It's the other net clients we really want to clean
up?

--- a/net/net.c
+++ b/net/net.c
@@ -1499,18 +1499,22 @@ static void net_vm_change_state_handler(void *opaque, bool running,
 
 void net_cleanup(void)
 {
-    NetClientState *nc;
+    NetClientState *nc, **p = &net_clients.tqh_first;
 
     /*cleanup colo compare module for COLO*/
     colo_compare_cleanup();
 
-    /* We may del multiple entries during qemu_del_net_client(),
-     * so QTAILQ_FOREACH_SAFE() is also not safe here.
+    /*
+     * We may del multiple entries during qemu_del_net_client(), so
+     * QTAILQ_FOREACH_SAFE() is not safe here. The only safe pointer
+     * to keep is a NET_CLIENT_DRIVER_NIC entry, as we don't want
+     * to delete those (we'd upset the devices which own them, if we
+     * did).
      */
-    while (!QTAILQ_EMPTY(&net_clients)) {
-        nc = QTAILQ_FIRST(&net_clients);
+    while (*p) {
+        nc = *p;
         if (nc->info->type == NET_CLIENT_DRIVER_NIC) {
-            qemu_del_nic(qemu_get_nic(nc));
+            p = &nc->next.tqe_next;
         } else {
             qemu_del_net_client(nc);
         }


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5965 bytes --]

  reply	other threads:[~2023-10-17 18:57 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-17 18:25 [PATCH 0/4] Update QEMU qnic driver to "new" XenDevice model David Woodhouse
2023-10-17 18:25 ` [PATCH 1/4] hw/xen: only remove peers of PCI NICs on unplug David Woodhouse
2023-10-24 14:32   ` Paul Durrant
2023-10-24 15:22     ` David Woodhouse
2023-10-17 18:25 ` [PATCH 2/4] hw/xen: update Xen PV NIC to XenDevice model David Woodhouse
2023-10-24 14:47   ` Paul Durrant
2023-10-24 15:17     ` David Woodhouse
2023-10-24 16:16       ` Paul Durrant
2023-10-25  7:49     ` David Woodhouse
2023-10-17 18:25 ` [PATCH 3/4] [WTF] avoid qemu_del_nic() in xen_netdev_unrealize() on shutdown David Woodhouse
2023-10-17 18:56   ` David Woodhouse [this message]
2023-10-17 18:25 ` [PATCH 4/4] hw/i386/pc: support '-nic' for xen-net-device David Woodhouse

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f64ef83452a2366aa3458dd49963cb8730a68ecd.camel@infradead.org \
    --to=dwmw2@infradead.org \
    --cc=anthony.perard@citrix.com \
    --cc=eduardo@habkost.net \
    --cc=jasowang@redhat.com \
    --cc=marcel.apfelbaum@gmail.com \
    --cc=mst@redhat.com \
    --cc=paul@xen.org \
    --cc=pbonzini@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).