Re: [Qemu-devel] [BUG] QEMU crashes with dpdk virtio pmd
From: Jason Wang
Subject: Re: [Qemu-devel] [BUG] QEMU crashes with dpdk virtio pmd
Date: Tue, 25 Apr 2017 20:02:23 +0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
On 2017-04-25 19:37, wangyunjian wrote:
The q->tx_bh will be freed in the virtio_net_del_queue() function when removing
virtio queues if the guest doesn't support multiqueue. But it might still be
referenced by others (e.g. virtio_net_set_status()), which needs to be set to NULL.
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 7d091c9..98bd683 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1522,9 +1522,12 @@ static void virtio_net_del_queue(VirtIONet *n, int index)
if (q->tx_timer) {
timer_del(q->tx_timer);
timer_free(q->tx_timer);
+ q->tx_timer = NULL;
} else {
qemu_bh_delete(q->tx_bh);
+ q->tx_bh = NULL;
}
+ q->tx_waiting = 0;
virtio_del_queue(vdev, index * 2 + 1);
}
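Review bot: The description justifies only the `q->tx_bh = NULL;` line, while the hunk also adds `q->tx_timer = NULL;` and an unconditional `q->tx_waiting = 0;` after the if/else; the commit message should say why each one is needed. Clearing the pointers only helps if the code that may still reference them (the description names virtio_net_set_status()) checks for NULL or for tx_waiting before use. Otherwise the stale access becomes a NULL dereference instead of going away, so state which of the three assignments actually guards that path and drop any that do not.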
Thanks a lot for the fix.
Two questions:
- If virtio_net_set_status() is the only function that may access tx_bh,
it looks like setting tx_waiting to zero is sufficient?
- Can you post a formal patch for this?
Thanks
From: wangyunjian
Sent: Monday, April 24, 2017 6:10 PM
To: address@hidden; Michael S. Tsirkin <address@hidden>; 'Jason Wang'
<address@hidden>
Cc: wangyunjian <address@hidden>; caihe <address@hidden>
Subject: [Qemu-devel][BUG] QEMU crashes with dpdk virtio pmd
Qemu crashes, with pre-condition:
VM XML config with multiqueue, and the VM's virtio-net driver supports multi-queue
Reproduce steps:
i. start dpdk testpmd in VM with the virtio nic
ii. stop testpmd
iii. reboot the VM
This commit "f9d6dbf0 remove virtio queues if the guest doesn't support multiqueue" is introduced.
Qemu version: QEMU emulator version 2.9.50 (v2.9.0-137-g32c7e0a)
VM DPDK version: DPDK-1.6.1
Call Trace:
#0 0x00007f60881fe5d7 in raise () from /usr/lib64/libc.so.6
#1 0x00007f60881ffcc8 in abort () from /usr/lib64/libc.so.6
#2 0x00007f608823e2f7 in __libc_message () from /usr/lib64/libc.so.6
#3 0x00007f60882456d3 in _int_free () from /usr/lib64/libc.so.6
#4 0x00007f608900158f in g_free () from /usr/lib64/libglib-2.0.so.0
#5 0x00007f6088fea32c in iter_remove_or_steal () from /usr/lib64/libglib-2.0.so.0
#6 0x00007f608edc0986 in object_property_del_all (obj=0x7f6091e74800) at qom/object.c:410
#7 object_finalize (data=0x7f6091e74800) at qom/object.c:467
#8 object_unref (address@hidden) at qom/object.c:903
#9 0x00007f608eaf1fd3 in phys_section_destroy (mr=0x7f6091e74800) at git/qemu/exec.c:1154
#10 phys_sections_free (map=0x7f6090b72bb0) at git/qemu/exec.c:1163
#11 address_space_dispatch_free (d=0x7f6090b72b90) at git/qemu/exec.c:2514
#12 0x00007f608ee91ace in call_rcu_thread (opaque=<optimized out>) at util/rcu.c:272
#13 0x00007f6089b0ddc5 in start_thread () from /usr/lib64/libpthread.so.0
#14 0x00007f60882bf71d in clone () from /usr/lib64/libc.so.6
Call Trace:
#0 0x00007fdccaeb9790 in ?? ()
#1 0x00007fdcd82d09fc in object_property_del_all (obj=0x7fdcdb8acf60) at qom/object.c:405
#2 object_finalize (data=0x7fdcdb8acf60) at qom/object.c:467
#3 object_unref (address@hidden) at qom/object.c:903
#4 0x00007fdcd8001fd3 in phys_section_destroy (mr=0x7fdcdb8acf60) at git/qemu/exec.c:1154
#5 phys_sections_free (map=0x7fdcdc86aa00) at git/qemu/exec.c:1163
#6 address_space_dispatch_free (d=0x7fdcdc86a9e0) at git/qemu/exec.c:2514
#7 0x00007fdcd83a1ace in call_rcu_thread (opaque=<optimized out>) at util/rcu.c:272
#8 0x00007fdcd301ddc5 in start_thread () from /usr/lib64/libpthread.so.0
#9 0x00007fdcd17cf71d in clone () from /usr/lib64/libc.so.6