[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 4/4] vhost-user-blk: fix crash in realize process
|
From: |
Li Feng |
|
Subject: |
[PATCH 4/4] vhost-user-blk: fix crash in realize process |
|
Date: |
Wed, 15 Apr 2020 11:28:26 +0800 |
The crash could be reproduced like this:
1. break vhost_user_write;
2. kill the vhost-user-blk target;
3. let qemu continue running;
4. start vhost-user-blk;
5. see crash!
This fix makes changes:
1. set s->connected to true after vhost_dev_init;
2. call vhost_dev_get_config when s->connected is true, otherwise the
hdev->host_ops will be nullptr.
Signed-off-by: Li Feng <address@hidden>
---
hw/block/vhost-user-blk.c | 47 +++++++++++++++++++++++++----------------------
1 file changed, 25 insertions(+), 22 deletions(-)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 19e79b96e4..35386b7cb7 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -303,8 +303,6 @@ static int vhost_user_blk_connect(DeviceState *dev)
if (s->connected) {
return 0;
}
- s->connected = true;
-
s->dev.nvqs = s->num_queues;
s->dev.vqs = s->vhost_vqs;
s->dev.vq_index = 0;
@@ -318,6 +316,11 @@ static int vhost_user_blk_connect(DeviceState *dev)
strerror(-ret));
return ret;
}
+ /*
+ * set true util vhost_dev_init return ok, because CLOSE event may happen
+ * in vhost_dev_init routine.
+ */
+ s->connected = true;
/* restore vhost state */
if (virtio_device_started(vdev, vdev->status)) {
@@ -401,6 +404,7 @@ static void vhost_user_blk_device_realize(DeviceState *dev,
Error **errp)
VHostUserBlk *s = VHOST_USER_BLK(vdev);
Error *err = NULL;
int i, ret;
+ bool reconnect;
if (!s->chardev.chr) {
error_setg(errp, "vhost-user-blk: chardev is mandatory");
@@ -433,27 +437,26 @@ static void vhost_user_blk_device_realize(DeviceState
*dev, Error **errp)
s->inflight = g_new0(struct vhost_inflight, 1);
s->vhost_vqs = g_new0(struct vhost_virtqueue, s->num_queues);
s->connected = false;
+ reconnect = false;
- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event,
- NULL, (void *)dev, NULL, true);
-
-reconnect:
- if (qemu_chr_fe_wait_connected(&s->chardev, &err) < 0) {
- error_report_err(err);
- goto virtio_err;
- }
-
- /* check whether vhost_user_blk_connect() failed or not */
- if (!s->connected) {
- goto reconnect;
- }
-
- ret = vhost_dev_get_config(&s->dev, (uint8_t *)&s->blkcfg,
- sizeof(struct virtio_blk_config));
- if (ret < 0) {
- error_report("vhost-user-blk: get block config failed");
- goto reconnect;
- }
+ do {
+ if (qemu_chr_fe_wait_connected(&s->chardev, &err) < 0) {
+ error_report_err(err);
+ goto virtio_err;
+ }
+ qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
vhost_user_blk_event,
+ NULL, (void *)dev, NULL, true);
+ if (s->connected) {
+ ret = vhost_dev_get_config(&s->dev, (uint8_t *)&s->blkcfg,
+ sizeof(struct virtio_blk_config));
+ if (ret < 0) {
+ error_report("vhost-user-blk: get block config failed");
+ reconnect = true;
+ } else {
+ reconnect = false;
+ }
+ }
+ } while (!s->connected || reconnect);
if (s->blkcfg.num_queues != s->num_queues) {
s->blkcfg.num_queues = s->num_queues;
--
2.11.0
--
The SmartX email address is only for business purpose. Any sent message
that is not related to the business is not authorized or permitted by
SmartX.
本邮箱为北京志凌海纳科技有限公司(SmartX)工作邮箱. 如本邮箱发出的邮件与工作无关,该邮件未得到本公司任何的明示或默示的授权.
- [PATCH 1/4] vhost-user-blk: delay vhost_user_blk_disconnect, (continued)
- [PATCH 4/4] vhost-user-blk: fix crash in realize process,
Li Feng <=
[PATCH 2/4] vhost-user-blk: fix invalid memory access, Li Feng, 2020/04/14
Re: [PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev, Michael S. Tsirkin, 2020/04/17