From patchwork Wed Apr 15 03:28:23 2020
X-Patchwork-Submitter: Li Feng
X-Patchwork-Id: 11489669
From: Li Feng
To: kyle@smartx.com, Raphael Norwitz, "Michael S. Tsirkin", Kevin Wolf, Max Reitz, qemu-block@nongnu.org (open list:Block layer core), qemu-devel@nongnu.org (open list:All patches CC here)
Cc: Li Feng
Subject: [PATCH 1/4] vhost-user-blk: delay vhost_user_blk_disconnect
Date: Wed, 15 Apr 2020 11:28:23 +0800
Message-Id: <20200415032826.16701-2-fengli@smartx.com>
In-Reply-To: <20200415032826.16701-1-fengli@smartx.com>

Since commit b0a335e351103bf92f3f9d0bd5759311be8156ac, a socket write may trigger a disconnect event, calling vhost_user_blk_disconnect() and clearing all the vhost_dev structures. Then the next socket read will encounter an invalid pointer to vhost_dev.

Signed-off-by: Li Feng
--- hw/block/vhost-user-blk.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c index 17df5338e7..776b9af3eb 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c 
@@ -349,11 +349,24 @@ static void vhost_user_blk_disconnect(DeviceState *dev) vhost_dev_cleanup(&s->dev); } +static void vhost_user_blk_event(void *opaque, QEMUChrEvent event); + +static void vhost_user_blk_chr_closed_bh(void *opaque) +{ + DeviceState *dev = opaque; + VirtIODevice *vdev = VIRTIO_DEVICE(dev); + VHostUserBlk *s = VHOST_USER_BLK(vdev); + vhost_user_blk_disconnect(dev); + qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event, + NULL, (void *)dev, NULL, true); +} + static void vhost_user_blk_event(void *opaque, QEMUChrEvent event) { DeviceState *dev = opaque; VirtIODevice *vdev = VIRTIO_DEVICE(dev); VHostUserBlk *s = VHOST_USER_BLK(vdev); + AioContext *ctx; switch (event) { case CHR_EVENT_OPENED: @@ -363,7 +376,16 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event) } break; case CHR_EVENT_CLOSED: - vhost_user_blk_disconnect(dev); + /* + * a close event may happen during a read/write, but vhost + * code assumes the vhost_dev remains setup, so delay the + * stop & clear to idle. + */ + ctx = qemu_get_current_aio_context(); + + qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, NULL, + NULL, NULL, NULL, false); + aio_bh_schedule_oneshot(ctx, vhost_user_blk_chr_closed_bh, opaque); break; case CHR_EVENT_BREAK: case CHR_EVENT_MUX_IN:
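Review bot: In the first hunk (@@ -349,11 +349,24 @@), vhost_user_blk_chr_closed_bh() dereferences the raw `opaque` device pointer whenever it eventually runs, but nothing in the visible lines keeps the device alive or cancels the bottom half if the device is torn down between the CLOSED event and the callback. That would move the stale-pointer problem described in the commit message one step later instead of closing it. Consider taking a reference on the device when the bottom half is scheduled and dropping it at the end of the callback, or document why teardown cannot race with it. Minor: the `(void *)dev` cast in the qemu_chr_fe_set_handlers() call is unnecessary in C, and a blank line after the three declarations would help readability.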
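Review bot: In the CHR_EVENT_CLOSED branch of the second hunk (@@ -363,7 +376,16 @@), the all-NULL qemu_chr_fe_set_handlers() call also removes the event callback until the bottom half reinstalls it, and the new comment only explains the delay, not this. Please extend the comment to say why the handlers are cleared (presumably so a second CLOSED cannot schedule another bottom half) and why the final argument is `false` here but `true` in vhost_user_blk_chr_closed_bh(). It is also worth stating why qemu_get_current_aio_context() is the right context for aio_bh_schedule_oneshot(), since the deferred vhost_user_blk_disconnect() now runs in whichever context happened to deliver the event.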