Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup
Date:	Wed, 14 Jun 2017 10:20:44 +0100
User-agent:	Mutt/1.8.0 (2017-02-23)

On Tue, Jun 13, 2017 at 12:35:21PM +0200, Gioh Kim wrote:
> I'd like to report one use-after-free problem which is found by 
> AddressSanitizer.
> My company provides virtualization server with Qemu-2.7.

I have tried the following but was unable to reproduce a segfault.
Please reproduce this issue with qemu.git/master and post the steps:

  $ qemu -M accel=kvm -cpu host -m 1G \
         -drive if=none,id=drive0,file=test.img,format=raw \
         -device virtio-blk-pci,drive=drive0,id=virtio-blk-pci0 \
         -drive 
if=none,id=drive1,file.driver=null-co,file.read-zeroes=on,file.latency-ns=5000000000,format=raw
 \
         -device virtio-blk-pci,drive=drive1,id=virtio-blk-pci1 \
         -d trace:virtio_blk_\*

First I just wanted to see what happens when system_reset is invoked
while a request is in flight:

  guest$ dd if=/dev/vdb of=/dev/null iflag=direct bs=512 count=1
  (qemu) system_reset
  address@hidden:virtio_blk_handle_read vdev 0x62d00006c910 req 0x611000b07880 
sector 0 nsectors 1
  > virtio_pci_reset vdev 0x62d00006c910
  address@hidden:virtio_blk_data_plane_stop dataplane 0x606000096c80
  address@hidden:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611000b07880 
ret 0
  address@hidden:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611000b07880 
status 0
  > virtio_blk_reset vdev 0x62d00006c910

Requests are drained in virtio_blk_data_plane_stop() and again in
virtio_blk_reset() so in-flight requests will exist across system_reset.

Next I tried what you suggested:

  guest$ dd if=/dev/vdb of=/dev/null iflag=direct bs=512 count=1
  (qemu) device_del virtio-blk-pci1
  (qemu) system_reset
  address@hidden:virtio_blk_handle_read vdev 0x62d00006c910 req 0x611001464040 
sector 0 nsectors 1
  address@hidden:virtio_blk_data_plane_stop dataplane 0x606000096c80
  address@hidden:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611001464040 
ret 0
  address@hidden:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611001464040 
status 0

The request was also drained by virtio_blk_data_plane_stop().

(I added the vdev parameter to the trace events to make it easy to
identify the virtio-blk device that a request belongs to.  I will send a
patch to qemu-devel.)

Stefan

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup, Gioh Kim, 2017/06/13
- Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup, Stefan Hajnoczi, 2017/06/13
- Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup, Stefan Hajnoczi <=
  - Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup, Gi-Oh Kim, 2017/06/14

Prev by Date: Re: [Qemu-devel] [PATCH] migration: Fix compilation with older compilers
Next by Date: Re: [Qemu-devel] [PATCH v2] hmp, qmp: introduce "info memory" and "query-memory" commands
Previous by thread: Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup
Next by thread: Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup
Index(es):
- Date
- Thread