[PULL v2 25/38] Revert "vhost-blk: set features before setting inflight
From: Michael S. Tsirkin
Subject: [PULL v2 25/38] Revert "vhost-blk: set features before setting inflight feature"
Date: Tue, 3 Nov 2020 23:51:49 -0500

From: Stefan Hajnoczi <stefanha@redhat.com>

This reverts commit adb29c027341ba095a3ef4beef6aaef86d3a520e.

The commit broke -device vhost-user-blk-pci because the
vhost_dev_prepare_inflight() function it introduced segfaults in
vhost_dev_set_features() when attempting to access struct vhost_dev's
vdev pointer before it has been assigned.

To reproduce the segfault simply launch a vhost-user-blk device with the
contrib vhost-user-blk device backend:

  $ build/contrib/vhost-user-blk/vhost-user-blk -s /tmp/vhost-user-blk.sock -r -b /var/tmp/foo.img
  $ build/qemu-system-x86_64 \
      -device vhost-user-blk-pci,id=drv0,chardev=char1,addr=4.0 \
      -object memory-backend-memfd,id=mem,size=1G,share=on \
      -M memory-backend=mem,accel=kvm \
      -chardev socket,id=char1,path=/tmp/vhost-user-blk.sock
  Segmentation fault (core dumped)

Cc: Jin Yu <jin.yu@intel.com>
Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201102165709.232180-1-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
include/hw/virtio/vhost.h | 1 -
hw/block/vhost-user-blk.c | 6 ------
hw/virtio/vhost.c | 18 ------------------
3 files changed, 25 deletions(-)
diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index 839bfb153c..94585067f7 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -141,7 +141,6 @@ void vhost_dev_reset_inflight(struct vhost_inflight
*inflight);
void vhost_dev_free_inflight(struct vhost_inflight *inflight);
void vhost_dev_save_inflight(struct vhost_inflight *inflight, QEMUFile *f);
int vhost_dev_load_inflight(struct vhost_inflight *inflight, QEMUFile *f);
-int vhost_dev_prepare_inflight(struct vhost_dev *hdev);
int vhost_dev_set_inflight(struct vhost_dev *dev,
struct vhost_inflight *inflight);
int vhost_dev_get_inflight(struct vhost_dev *dev, uint16_t queue_size,
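Review bot: Dropping the vhost_dev_prepare_inflight() prototype from include/hw/virtio/vhost.h is only safe if hw/block/vhost-user-blk.c is the sole caller. The diffstat shows one call site being removed, so a tree-wide search for the symbol before merging would confirm that no other device model started using it after adb29c027341 went in; otherwise the build breaks on an implicit declaration.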
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index f67b29bbf3..a076b1e54d 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -131,12 +131,6 @@ static int vhost_user_blk_start(VirtIODevice *vdev)
s->dev.acked_features = vdev->guest_features;
- ret = vhost_dev_prepare_inflight(&s->dev);
- if (ret < 0) {
- error_report("Error set inflight format: %d", -ret);
- goto err_guest_notifiers;
- }
-
if (!s->inflight->addr) {
ret = vhost_dev_get_inflight(&s->dev, s->queue_size, s->inflight);
if (ret < 0) {
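Review bot: With the call removed, vhost_user_blk_start() goes straight from assigning s->dev.acked_features to vhost_dev_get_inflight(), with no feature setup towards the backend in between, so whatever the reverted commit was meant to address comes back. The commit message explains the segfault well but should also state that the original problem is reintroduced and whether a corrected version is planned, so the revert is not read as a complete fix.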
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index f2482378c6..79b2be20df 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1645,24 +1645,6 @@ int vhost_dev_load_inflight(struct vhost_inflight
*inflight, QEMUFile *f)
return 0;
}
-int vhost_dev_prepare_inflight(struct vhost_dev *hdev)
-{
- int r;
-
- if (hdev->vhost_ops->vhost_get_inflight_fd == NULL ||
- hdev->vhost_ops->vhost_set_inflight_fd == NULL) {
- return 0;
- }
-
- r = vhost_dev_set_features(hdev, hdev->log_enabled);
- if (r < 0) {
- VHOST_OPS_DEBUG("vhost_dev_prepare_inflight failed");
- return r;
- }
-
- return 0;
-}
-
int vhost_dev_set_inflight(struct vhost_dev *dev,
struct vhost_inflight *inflight)
{
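Review bot: The removed vhost_dev_prepare_inflight() checks only the two vhost_ops callbacks for NULL before calling vhost_dev_set_features(hdev, hdev->log_enabled), and nothing on that path checks hdev->vdev, which is the pointer the commit message says is accessed before it has been assigned. Reverting is reasonable, but any re-land should not depend on hdev->vdev at this point in start-up (or should assert that it is set), and a regression test that starts a vhost-user-blk-pci device against the contrib backend, as in the reproducer above, would catch this NULL dereference before it reaches a pull request.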
--
MST