From patchwork Thu Jan 12 05:55:37 2017
X-Patchwork-Id: 9512181
Date: Thu, 12 Jan 2017 13:55:37 +0800 (CST)
From: 黄淮
To: Marc-André Lureau
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] vhost-user: fix crash when chardev-remove
Message-ID: <215f62a9.521a.159913eedbc.Coremail.h158309@126.com>
References: <32da9f1f.9022.1598ccf96ce.Coremail.h158309@126.com>

Hi

I tested on qemu-2.7.1 release version.

test case:
1. host run ovs-dpdk. start vhost-user mode vm
2.
chardev-add socket,id=char-client-002-2,path=/usr/local/var/run/openvswitch/client-002-2,server=on
netdev_add vhost-user,id=client-002-2, ,chardev=char-client-002-2,vhostforce=on
device_add virtio-net-pci,netdev=client-002-2,mac=00:22:79:29:d2:6c,id=netdev-client-002-2
... wait 10 s
device_del netdev-client-002-2
netdev_del client-002-2
chardev-remove char-client-002-2
ovs-vsctl del-port client-002-2

(gdb) bt
#0 0x00007f80483265f7 in raise () from /lib64/libc.so.6
#1 0x00007f8048327ce8 in abort () from /lib64/libc.so.6
#2 0x00007f804831f566 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007f804831f612 in __assert_fail () from /lib64/libc.so.6
#4 0x00007f804b729bec in get_vhost_net (nc=) at /opt/cloud/contrib/qemu-2.7.1/hw/net/vhost_net.c:415
#5 0x00007f804b726f31 in virtio_net_vhost_status (status=0 '\000', n=0x7f804db841c0) at /opt/cloud/contrib/qemu-2.7.1/hw/net/virtio-net.c:121
#6 virtio_net_set_status (vdev=, status=) at /opt/cloud/contrib/qemu-2.7.1/hw/net/virtio-net.c:224
#7 0x00007f804b73ead6 in virtio_set_status (vdev=vdev@entry=0x7f804db841c0, val=val@entry=0 '\000') at /opt/cloud/contrib/qemu-2.7.1/hw/virtio/virtio.c:760
#8 0x00007f804b8f869c in virtio_ioport_write (val=0, addr=18, opaque=0x7f804db7be80) at hw/virtio/virtio-pci.c:400
#9 virtio_pci_config_write (opaque=0x7f804db7be80, addr=18, val=0, size=) at hw/virtio/virtio-pci.c:525
#10 0x00007f804b6fa0db in memory_region_write_accessor (mr=0x7f804db7c710, addr=18, value=, size=1, shift=, mask=, attrs=...) at /opt/cloud/contrib/qemu-2.7.1/memory.c:525
#11 0x00007f804b6f8079 in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7f7ffeffc958, size=size@entry=1, access_size_min=, access_size_max=, access=access@entry=0x7f804b6fa060 , mr=mr@entry=0x7f804db7c710, attrs=attrs@entry=...) at /opt/cloud/contrib/qemu-2.7.1/memory.c:591
#12 0x00007f804b6fc6f5 in memory_region_dispatch_write (mr=mr@entry=0x7f804db7c710, addr=addr@entry=18, data=0, size=size@entry=1, attrs=attrs@entry=...) at /opt/cloud/contrib/qemu-2.7.1/memory.c:1327
#13 0x00007f804b6b93bb in address_space_write_continue (mr=0x7f804db7c710, l=1, addr1=18, len=1, buf=0x7f804b4bc000
, attrs=..., addr=4114, as=0x7f804bfaa3e0 ) at /opt/cloud/contrib/qemu-2.7.1/exec.c:2556
#14 address_space_write (as=, addr=, attrs=..., buf=, len=) at /opt/cloud/contrib/qemu-2.7.1/exec.c:2601
#15 0x00007f804b6b9a3d in address_space_rw (as=, addr=addr@entry=4114, attrs=..., attrs@entry=..., buf=, len=len@entry=1, is_write=is_write@entry=true) at /opt/cloud/contrib/qemu-2.7.1/exec.c:2703
#16 0x00007f804b6f6fd5 in kvm_handle_io (count=1, size=1, direction=, data=, attrs=..., port=4114) at /opt/cloud/contrib/qemu-2.7.1/kvm-all.c:1791
#17 kvm_cpu_exec (cpu=cpu@entry=0x7f804d8d1de0) at /opt/cloud/contrib/qemu-2.7.1/kvm-all.c:1955
#18 0x00007f804b6e4e76 in qemu_kvm_cpu_thread_fn (arg=0x7f804d8d1de0) at /opt/cloud/contrib/qemu-2.7.1/cpus.c:1078
#19 0x00007f80486b9dc5 in start_thread () from /lib64/libpthread.so.0
#20 0x00007f80483e728d in clone () from /lib64/libc.so.6

After fixing this:

Hmm, the socket didn't send a CLOSED event on remove?

qemu_purge_queued_packets(nc); } @@ -192,7 +195,8 @@ static gboolean net_vhost_user_watch(GIOChannel *chan, GIOCondition cond, { VhostUserState *s = opaque; - qemu_chr_disconnect(s->chr); + if (s->chr) + qemu_chr_disconnect(s->chr);

that looks outdated, which version of qemu did you test and patch? thanks

return FALSE; }

--- Marc-André Lureau

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c index f2d49ad..4037cf4 100644 --- a/hw/net/vhost_net.c +++ b/hw/net/vhost_net.c
@@ -412,7 +412,6 @@ VHostNetState *get_vhost_net(NetClientState *nc) break; case NET_CLIENT_DRIVER_VHOST_USER: vhost_net = vhost_user_get_vhost_net(nc); - assert(vhost_net);

(gdb) bt
#0 qemu_chr_disconnect (chr=0x0) at qemu-char.c:4081
#1 0x00007fdb4f538cf0 in net_vhost_user_watch (chan=, cond=, opaque=) at net/vhost-user.c:195
#2 0x00007fdb4cd617aa in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#3 0x00007fdb4f5798f0 in glib_pollfds_poll () at main-loop.c:213
#4 os_host_main_loop_wait (timeout=) at main-loop.c:258
#5 main_loop_wait (nonblocking=) at main-loop.c:506
#6 0x00007fdb4f2dbfa7 in main_loop () at vl.c:1909
#7 main (argc=, argv=, envp=) at vl.c:4618

I think it's because vhost-user client mode, 2.7+ version new function (reconnect).
After qemu char-remove, the watch fd process didn't stop.
When ovs-dpdk removes port and closes watch fd, qemu crashed.

Thanks
Huanghuai

At 2017-01-11 23:02:26, "Marc-André Lureau" wrote:

Hi

On Wed, Jan 11, 2017 at 3:32 PM 黄淮 wrote:

From: Huai Huang

Could you describe a bit more the crash and provide a backtrace?

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c index f2d49ad..4037cf4 100644 --- a/hw/net/vhost_net.c +++ b/hw/net/vhost_net.c @@ -412,7 +412,6 @@ VHostNetState *get_vhost_net(NetClientState *nc) break; case NET_CLIENT_DRIVER_VHOST_USER: vhost_net = vhost_user_get_vhost_net(nc); - assert(vhost_net);

This was recently added, in commit 1a5b68cee8a2b165ffd61b2e0641a4da3990f242. How is it related? I remember the rest of the vhost-user code expected get_vhost_net() to be non-null, did that change?

break; default: break; diff --git a/net/vhost-user.c b/net/vhost-user.c index b0595f8..4e54478 100644 --- a/net/vhost-user.c +++ b/net/vhost-user.c @@ -160,7 +160,10 @@ static void vhost_user_cleanup(NetClientState *nc) qemu_chr_fe_release(s->chr); s->chr = NULL; } - + if (s->watch) { + g_source_remove(s->watch); + s->watch = 0; + }
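
Review bot: in vhost_user_cleanup() the new "if (s->watch)" block sits after "qemu_chr_fe_release(s->chr); s->chr = NULL;", so the watch is still registered at the point where the chardev pointer has already been cleared. The callback net_vhost_user_watch() passes s->chr to qemu_chr_disconnect(), so remove the source first and release the chardev afterwards; that way the watch never exists with s->chr == NULL. The hunk also drops the blank line after the closing brace; keep one blank line between the two blocks.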
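
Review bot: in net_vhost_user_watch() the added "if (s->chr)" guard hides the callback firing after cleanup rather than preventing it, which is the state the second backtrace shows as qemu_chr_disconnect (chr=0x0). With the watch removed in vhost_user_cleanup() this path should not be reachable, so either drop the guard or state in the commit message which path still needs it. The callback returns FALSE without touching s->watch in the lines shown; if nothing else clears it, the g_source_remove(s->watch) added in cleanup would be called on an id GLib has already dropped. If the check stays, QEMU coding style requires braces around the single-statement body.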
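
Review bot: in get_vhost_net(), removing "assert(vhost_net);" from the NET_CLIENT_DRIVER_VHOST_USER case turns an abort into a NULL return, and no caller is updated anywhere in this patch. The first backtrace reaches this function from virtio_net_vhost_status() (virtio-net.c:121), so that caller and every other user of the return value needs a NULL check, or the assert should stay and the teardown order be fixed instead. The commit message should explain why NULL is now a valid result for vhost-user.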