
[v7,10/10] virtio-net: add peer_deleted check in virtio_net_handle_rx

Message ID 20210602034750.23377-11-lulu@redhat.com (mailing list archive)
State New, archived
Series vhost-vdpa: add support for configure interrupt | expand

Commit Message

Cindy Lu June 2, 2021, 3:47 a.m. UTC
During testing, we found that this function continues to run after
the peer has been deleted, which causes a crash, so add a check for
this. This only occurs with the microvm machine type.

Steps to reproduce:
load the VM with
qemu-system-x86_64 -M microvm
...
    -netdev tap,id=tap0,vhost=on,script=no,downscript=no \
    -device virtio-net-device,netdev=tap0 \
..
enter the VM's console
shutdown the VM
(gdb) bt

0  0x000055555595b926 in qemu_net_queue_flush (queue=0x0) at ../net/queue.c:275
1  0x0000555555a046ea in qemu_flush_or_purge_queued_packets (nc=0x555556ccb920, purge=false)
    at ../net/net.c:624
2  0x0000555555a04736 in qemu_flush_queued_packets (nc=0x555556ccb920) at ../net/net.c:637
3  0x0000555555ccc01a in virtio_net_handle_rx (vdev=0x555557360ed0, vq=0x7ffff40d6010)
    at ../hw/net/virtio-net.c:1401
4  0x0000555555ce907a in virtio_queue_notify_vq (vq=0x7ffff40d6010) at ../hw/virtio/virtio.c:2346
5  0x0000555555cec07c in virtio_queue_host_notifier_read (n=0x7ffff40d608c)
    at ../hw/virtio/virtio.c:3606
6  0x00005555560376ac in aio_dispatch_handler (ctx=0x555556a857e0, node=0x555556f013d0)
    at ../util/aio-posix.c:329
7  0x00005555560377a4 in aio_dispatch_ready_handlers (ctx=0x555556a857e0,
    ready_list=0x7fffffffdfe0) at ../util/aio-posix.c:359
8  0x0000555556038209 in aio_poll (ctx=0x555556a857e0, blocking=false) at ../util/aio-posix.c:662
9  0x0000555555e51c6f in monitor_cleanup () at ../monitor/monitor.c:637
10 0x0000555555d2d626 in qemu_cleanup () at ../softmmu/runstate.c:821
11 0x000055555585b19b in main (argc=21, argv=0x7fffffffe1c8, envp=0x7fffffffe278)

Signed-off-by: Cindy Lu <lulu@redhat.com>
---
 hw/net/virtio-net.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Jason Wang June 3, 2021, 6:58 a.m. UTC | #1
在 2021/6/2 上午11:47, Cindy Lu 写道:
> During the test, We found this function will continue running
> while the peer is deleted, this will cause the crash. so add
> check for this. this only exist in  machines type microvm


Any idea why it only happens on microvm?


>
> reproduce step :
> load the VM with
> qemu-system-x86_64 -M microvm
> ...
>      -netdev tap,id=tap0,vhost=on,script=no,downscript=no \
>      -device virtio-net-device,netdev=tap0 \
> ..
> enter the VM's console
> shutdown the VM
> (gdb) bt
>
> 0  0x000055555595b926 in qemu_net_queue_flush (queue=0x0) at ../net/queue.c:275


So which piece of code triggers this? When the nc has a NIC peer we don't
free it until the NIC is freed.


> 1  0x0000555555a046ea in qemu_flush_or_purge_queued_packets (nc=0x555556ccb920, purge=false)
>      at ../net/net.c:624
> 2  0x0000555555a04736 in qemu_flush_queued_packets (nc=0x555556ccb920) at ../net/net.c:637
> 3  0x0000555555ccc01a in virtio_net_handle_rx (vdev=0x555557360ed0, vq=0x7ffff40d6010)
>      at ../hw/net/virtio-net.c:1401
> 4  0x0000555555ce907a in virtio_queue_notify_vq (vq=0x7ffff40d6010) at ../hw/virtio/virtio.c:2346
> 5  0x0000555555cec07c in virtio_queue_host_notifier_read (n=0x7ffff40d608c)
>      at ../hw/virtio/virtio.c:3606
> 6  0x00005555560376ac in aio_dispatch_handler (ctx=0x555556a857e0, node=0x555556f013d0)
>      at ../util/aio-posix.c:329
> 7  0x00005555560377a4 in aio_dispatch_ready_handlers (ctx=0x555556a857e0,
>      ready_list=0x7fffffffdfe0) at ../util/aio-posix.c:359
> 8  0x0000555556038209 in aio_poll (ctx=0x555556a857e0, blocking=false) at ../util/aio-posix.c:662
> 9  0x0000555555e51c6f in monitor_cleanup () at ../monitor/monitor.c:637
> 10 0x0000555555d2d626 in qemu_cleanup () at ../softmmu/runstate.c:821
> 11 0x000055555585b19b in main (argc=21, argv=0x7fffffffe1c8, envp=0x7fffffffe278)
>
> Signed-off-by: Cindy Lu <lulu@redhat.com>
> ---
>   hw/net/virtio-net.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 02033be748..927a808654 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1397,7 +1397,9 @@ static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
>   {
>       VirtIONet *n = VIRTIO_NET(vdev);
>       int queue_index = vq2q(virtio_get_queue_index(vq));
> -
> +    if (n->nic->peer_deleted) {
> +        return;


This needs to be fixed in the network core instead of virtio-net.

Thanks


> +    }
>       qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
>   }
>
Cindy Lu June 7, 2021, 6:20 a.m. UTC | #2
On Thu, Jun 3, 2021 at 2:58 PM Jason Wang <jasowang@redhat.com> wrote:

>
> 在 2021/6/2 上午11:47, Cindy Lu 写道:
> > During the test, We found this function will continue running
> > while the peer is deleted, this will cause the crash. so add
> > check for this. this only exist in  machines type microvm
>
>
> Any idea why it only happens on microvm?
>
>
> >
> > reproduce step :
> > load the VM with
> > qemu-system-x86_64 -M microvm
> > ...
> >      -netdev tap,id=tap0,vhost=on,script=no,downscript=no \
> >      -device virtio-net-device,netdev=tap0 \
> > ..
> > enter the VM's console
> > shutdown the VM
> > (gdb) bt
> >
> > 0  0x000055555595b926 in qemu_net_queue_flush (queue=0x0) at
> ../net/queue.c:275
>
>
> So which piece of code trigger this? When the nc has a NIC peer we don't
> free it until the NIC is freed.
>
>
> > 1  0x0000555555a046ea in qemu_flush_or_purge_queued_packets
> (nc=0x555556ccb920, purge=false)
> >      at ../net/net.c:624
> > 2  0x0000555555a04736 in qemu_flush_queued_packets (nc=0x555556ccb920)
> at ../net/net.c:637
> > 3  0x0000555555ccc01a in virtio_net_handle_rx (vdev=0x555557360ed0,
> vq=0x7ffff40d6010)
> >      at ../hw/net/virtio-net.c:1401
> > 4  0x0000555555ce907a in virtio_queue_notify_vq (vq=0x7ffff40d6010) at
> ../hw/virtio/virtio.c:2346
> > 5  0x0000555555cec07c in virtio_queue_host_notifier_read
> (n=0x7ffff40d608c)
> >      at ../hw/virtio/virtio.c:3606
> > 6  0x00005555560376ac in aio_dispatch_handler (ctx=0x555556a857e0,
> node=0x555556f013d0)
> >      at ../util/aio-posix.c:329
> > 7  0x00005555560377a4 in aio_dispatch_ready_handlers (ctx=0x555556a857e0,
> >      ready_list=0x7fffffffdfe0) at ../util/aio-posix.c:359
> > 8  0x0000555556038209 in aio_poll (ctx=0x555556a857e0, blocking=false)
> at ../util/aio-posix.c:662
> > 9  0x0000555555e51c6f in monitor_cleanup () at ../monitor/monitor.c:637
> > 10 0x0000555555d2d626 in qemu_cleanup () at ../softmmu/runstate.c:821
> > 11 0x000055555585b19b in main (argc=21, argv=0x7fffffffe1c8,
> envp=0x7fffffffe278)
> >
> > Signed-off-by: Cindy Lu <lulu@redhat.com>
> > ---
> >   hw/net/virtio-net.c | 4 +++-
> >   1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> > index 02033be748..927a808654 100644
> > --- a/hw/net/virtio-net.c
> > +++ b/hw/net/virtio-net.c
> > @@ -1397,7 +1397,9 @@ static void virtio_net_handle_rx(VirtIODevice
> *vdev, VirtQueue *vq)
> >   {
> >       VirtIONet *n = VIRTIO_NET(vdev);
> >       int queue_index = vq2q(virtio_get_queue_index(vq));
> > -
> > +    if (n->nic->peer_deleted) {
> > +        return;
>
>
> This needs to be fixed in the network core instead of virtio-net.
>
> Thanks
>
>
Sure, I will fix this problem.

> > +    }
> >       qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
> >   }
> >
>
>

Patch

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 02033be748..927a808654 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1397,7 +1397,9 @@  static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
 {
     VirtIONet *n = VIRTIO_NET(vdev);
     int queue_index = vq2q(virtio_get_queue_index(vq));
-
+    if (n->nic->peer_deleted) {
+        return;
+    }
     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
 }
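Review bot: The new guard at the top of virtio_net_handle_rx tests `n->nic->peer_deleted`, while the crash in the commit message is a NULL `queue` reaching qemu_net_queue_flush; nothing visible in the hunk ties that flag to that pointer, so the early return reads as an unexplained special case on a path the guest can trigger by notifying the queue. A short comment above the check would record the intent, for example `/* Peer was deleted during teardown; its queue may already be gone, so there is nothing to flush. */`, with the wording adjusted once the exact lifetime is confirmed. The hunk also replaces the blank line that separated the declarations from the first statement; keeping one blank line before the `if` would keep the declarations visually separate from the logic.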