From patchwork Fri Nov  3 10:26:26 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Hajnoczi <stefanha@gmail.com>
X-Patchwork-Id: 10039793
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	B5173602DA for <patchwork-qemu-devel@patchwork.kernel.org>;
	Fri,  3 Nov 2017 10:27:16 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9118E2958E
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Fri,  3 Nov 2017 10:27:16 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 84A3329598; Fri,  3 Nov 2017 10:27:16 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 168332958E
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Fri,  3 Nov 2017 10:27:15 +0000 (UTC)
Received: from localhost ([::1]:35819 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1eAZBx-0005hu-7g for patchwork-qemu-devel@patchwork.kernel.org;
	Fri, 03 Nov 2017 06:27:13 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44649)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1eAZBJ-0005hg-F6
	for qemu-devel@nongnu.org; Fri, 03 Nov 2017 06:26:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1eAZBF-0006pT-CU
	for qemu-devel@nongnu.org; Fri, 03 Nov 2017 06:26:33 -0400
Received: from mail-wr0-x22a.google.com ([2a00:1450:400c:c0c::22a]:51290)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <stefanha@gmail.com>)
	id 1eAZBF-0006mq-3m; Fri, 03 Nov 2017 06:26:29 -0400
Received: by mail-wr0-x22a.google.com with SMTP id j15so2065547wre.8;
	Fri, 03 Nov 2017 03:26:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-disposition:in-reply-to:user-agent;
	bh=z0VhRXDaMlh6Qcnlsn+ldBYFDorX3xu43ork6gsKVjY=;
	b=GILZqjRZoaQzsJF/JHrPRqA39mI1O/MfvE9mYm5AWqco8xYLNQg0ZV80+gJxlsON0J
	sf+GS1GFH7prEfeoyvDsmA3iAiLgEeP+3mlv7ROPuKWsyyLJ9/IpCbkFd0wNmmuzK6EA
	ErY51J/5xM9FLtk+ikG/TbhwfpM/npnkR7Fsyn0wk5GIGQYYTnflcAbPZ5IspGl0Vt0C
	BpYLEKRIFUnerLj+34FTzi6oA7V1itGjWW2LmJRU/1jxTOgZXHRcv1+vteKbWmvrvvX9
	ZFxzDQRzn35Tw9qGvNB58HDFnjelZ5we3kZC0eimkEfwWSEt5LW6K+j88JDbDusvzdMR
	jOrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:references
	:mime-version:content-disposition:in-reply-to:user-agent;
	bh=z0VhRXDaMlh6Qcnlsn+ldBYFDorX3xu43ork6gsKVjY=;
	b=IHacPzBs6P+29+PlEwGBfXX8ewFO9htwGP47tlIs28UQM2XsKjjyJJFpAmq1CjEkHx
	DO3vHYWsBdPjE9sLQ0X3QZErtnhBtfscQiGYq4IzSHeW5so7KtomHH+iGd5RrH5IUG00
	4zs2rEQFHf4yd904sUBneoQoKcye7Sm9pgcCLelAt9hAYqGnu25cjBP6/gLC5nALXQgo
	RAIpeu63kVkuDB+nOhBdkJg1yYr9r8MPFJYhgFFAkQYwwqYYnmQe/HPI0FLuvW3sttSS
	4aNuHNdmOJ7kc9rvECgSx1SRtI3t76KfBr2IjFrF1w4/YfO346uUmsOGkGR4GXBxMrt5
	3cEQ==
X-Gm-Message-State: AMCzsaX71yToQZIktmf72ejWN1o6S4VUsj89Ak4E+exU58WwqOdC94YV
	67L4Jzx/eRcaHOHHgsVZNvE=
X-Google-Smtp-Source: 
 ABhQp+QkG8yTks+kVQ2N7H/Or80jxeKRUQ4JKBKyjyZ727rJMRimqaw6jFuhTjB74rBMnLElbfX42w==
X-Received: by 10.223.172.245 with SMTP id
	o108mr5970104wrc.122.1509704788028;
	Fri, 03 Nov 2017 03:26:28 -0700 (PDT)
Received: from localhost ([51.15.41.238]) by smtp.gmail.com with ESMTPSA id
	q7sm4734346wrg.97.2017.11.03.03.26.26
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Fri, 03 Nov 2017 03:26:27 -0700 (PDT)
Date: Fri, 3 Nov 2017 10:26:26 +0000
From: Stefan Hajnoczi <stefanha@gmail.com>
To: lizhengui <lizhengui@huawei.com>
Message-ID: <20171103102626.GH5078@stefanha-x1.localdomain>
References: 
 <68B56AECEFB25A418ADB9417F6178A531091A91B@dggemi507-mbs.china.huawei.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: 
 <68B56AECEFB25A418ADB9417F6178A531091A91B@dggemi507-mbs.china.huawei.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c0c::22a
Subject: Re: [Qemu-devel]
	=?utf-8?q?=5BQemu-block=5D_question=EF=BC=9A_I_foun?=
	=?utf-8?q?d_a_qemu_crash_when_attach_virtio-scsi_disk?=
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: "kwolf@redhat.com" <kwolf@redhat.com>,
	"qemu-block@nongnu.org" <qemu-block@nongnu.org>,
	"Fangyi \(C\)" <eric.fangyi@huawei.com>,
	"jcody@redhat.com" <jcody@redhat.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"mreitz@redhat.com" <mreitz@redhat.com>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

On Wed, Nov 01, 2017 at 06:42:33AM +0000, lizhengui wrote:
> Hi, when I attach virtio-scsi disk to VM, the qemu crash happened at very low probability. 
> 
> The qemu crash bt is below:
> 
> #0  0x00007f2be3ada1d7 in raise () from /usr/lib64/libc.so.6
> #1  0x00007f2be3adb8c8 in abort () from /usr/lib64/libc.so.6
> #2  0x000000000084fe49 in PAT_abort ()
> #3  0x000000000084ce8d in patchIllInsHandler ()
> #4  <signal handler called>
> #5  0x00000000008228bb in qemu_strnlen ()
> #6  0x0000000000822934 in strpadcpy ()
> #7  0x0000000000684a88 in scsi_disk_emulate_inquiry ()
> #8  0x000000000068744b in scsi_disk_emulate_command ()
> #9  0x000000000068c481 in scsi_req_enqueue ()
> #10 0x00000000004b1f00 in virtio_scsi_handle_cmd_req_submit ()
> #11 0x00000000004b2e9e in virtio_scsi_handle_cmd_vq ()
> #12 0x000000000076dba7 in aio_dispatch ()
> #13 0x000000000076dd96 in aio_poll ()
> #14 0x00000000007a8673 in blk_prw ()
> #15 0x00000000007a922c in blk_pread ()
> #16 0x00000000007a9cd0 in blk_pread_unthrottled ()
> #17 0x00000000005cb404 in guess_disk_lchs ()
> #18 0x00000000005cb5b4 in hd_geometry_guess ()
> #19 0x00000000005cad56 in blkconf_geometry ()
> #20 0x0000000000685956 in scsi_realize ()
> #21 0x000000000068d3e3 in scsi_qdev_realize ()
> #22 0x00000000005e3938 in device_set_realized ()
> #23 0x000000000075bced in property_set_bool ()
> #24 0x0000000000760205 in object_property_set_qobject ()
> #25 0x000000000075df64 in object_property_set_bool ()
> #26 0x00000000005580ad in qdev_device_add ()
> #27 0x000000000055850b in qmp_device_add ()
> #28 0x0000000000818b37 in do_qmp_dispatch.constprop.1 ()
> #29 0x0000000000818d8b in qmp_dispatch ()
> #30 0x000000000045d212 in handle_qmp_command ()
> #31 0x000000000081f819 in json_message_process_token ()
> #32 0x00000000008434d0 in json_lexer_feed_char ()
> #33 0x00000000008435e6 in json_lexer_feed ()
> #34 0x000000000045bd72 in monitor_qmp_read ()
> #35 0x000000000055ecf3 in tcp_chr_read ()
> #36 0x00007f2be4cf899a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
> #37 0x000000000076b86b in os_host_main_loop_wait ()
> #38 0x000000000076b995 in main_loop_wait ()
> #39 0x0000000000569c51 in main_loop ()
> #40 0x0000000000420665 in main ()
> 
> From the qemu crash bt, we can see that the scsi_realize has not completed yet. Some fields sush as vendor, version in SCSIDiskState is 
> Null at this moment. If qemu handles scsi request from this scsi disk at this moment, the qemu will access some null pointers and cause crash.
> How can I solve this problem? Should we add a check that whether the scsi disk has realized or not in scsi_disk_emulate_command before
> Handling scsi requests? 

Please try this patch:

diff --git a/hw/block/block.c b/hw/block/block.c
index 27878d0087..df99ddb899 100644
--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -120,9 +120,16 @@ void blkconf_geometry(BlockConf *conf, int *ptrans,
         }
     }
     if (!conf->cyls && !conf->heads && !conf->secs) {
+        AioContext *ctx = blk_get_aio_context(conf->blk);
+
+        /* Callers may not expect this function to dispatch aio handlers, so
+         * disable external aio such as guest device emulation.
+         */
+        aio_disable_external(ctx);
         hd_geometry_guess(conf->blk,
                           &conf->cyls, &conf->heads, &conf->secs,
                           ptrans);
+        aio_enable_external(ctx);
     } else if (ptrans && *ptrans == BIOS_ATA_TRANSLATION_AUTO) {
         *ptrans = hd_bios_chs_auto_trans(conf->cyls, conf->heads, conf->secs);
     }