From nobody Fri May  3 04:46:26 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1501206751908782.1699040684188;
 Thu, 27 Jul 2017 18:52:31 -0700 (PDT)
Received: from localhost ([::1]:45421 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1dauS5-0007j9-Uz
	for importer@patchew.org; Thu, 27 Jul 2017 21:52:29 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44896)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wangyunjian@huawei.com>) id 1dauRF-0007RE-RU
	for qemu-devel@nongnu.org; Thu, 27 Jul 2017 21:51:38 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wangyunjian@huawei.com>) id 1dauRB-00057Y-OW
	for qemu-devel@nongnu.org; Thu, 27 Jul 2017 21:51:37 -0400
Received: from szxga02-in.huawei.com ([45.249.212.188]:4406)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71)
	(envelope-from <wangyunjian@huawei.com>) id 1dauRB-000553-4b
	for qemu-devel@nongnu.org; Thu, 27 Jul 2017 21:51:33 -0400
Received: from 172.30.72.56 (EHLO DGGEML401-HUB.china.huawei.com)
	([172.30.72.56])
	by dggrg02-dlp.huawei.com (MOS 4.4.6-GA FastPath queued)
	with ESMTP id ASG27113; Fri, 28 Jul 2017 09:51:20 +0800 (CST)
Received: from localhost (10.177.24.66) by DGGEML401-HUB.china.huawei.com
	(10.3.17.32) with Microsoft SMTP Server id 14.3.301.0; Fri, 28 Jul 2017
	09:51:10 +0800
From: w00273186 <wangyunjian@huawei.com>
To: <qemu-devel@nongnu.org>
Date: Fri, 28 Jul 2017 09:50:53 +0800
Message-ID: <1501206653-10704-1-git-send-email-wangyunjian@huawei.com>
X-Mailer: git-send-email 1.9.5.msysgit.1
MIME-Version: 1.0
X-Originating-IP: [10.177.24.66]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
	refid=str=0001.0A020204.597A9899.005A, ss=1, re=0.000, recu=0.000,
	reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0,
	so=2014-11-16 11:51:01, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 902a403b88fa038cc69cee98c7560df0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
	[fuzzy]
X-Received-From: 45.249.212.188
Subject: [Qemu-devel] [PATCH v3] vhost-user: fix watcher need be removed
 when vhost-user hotplug
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: marcandre.lureau@redhat.com, jasowang@redhat.com,
	Yunjian Wang <wangyunjian@huawei.com>, caihe@huawei.com, mst@redhat.com
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Yunjian Wang <wangyunjian@huawei.com>

"nc" is freed after hotplug vhost-user, but the watcher is not removed.
The QEMU crash when the watcher access the "nc" when socket disconnects.

    Program received signal SIGSEGV, Segmentation fault.
    #0  object_get_class (obj=3Dobj@entry=3D0x2) at qom/object.c:750
    #1  0x00007f9bb4180da1 in qemu_chr_fe_disconnect (be=3D<optimized out>)=
 at chardev/char-fe.c:372
    #2  0x00007f9bb40d1100 in net_vhost_user_watch (chan=3D<optimized out>,=
 cond=3D<optimized out>, opaque=3D<optimized out>) at net/vhost-user.c:188
    #3  0x00007f9baf97f99a in g_main_context_dispatch () from /usr/lib64/li=
bglib-2.0.so.0
    #4  0x00007f9bb41d7ebc in glib_pollfds_poll () at util/main-loop.c:213
    #5  os_host_main_loop_wait (timeout=3D<optimized out>) at util/main-loo=
p.c:261
    #6  main_loop_wait (nonblocking=3Dnonblocking@entry=3D0) at util/main-l=
oop.c:515
    #7  0x00007f9bb3e266a7 in main_loop () at vl.c:1917
    #8  main (argc=3D<optimized out>, argv=3D<optimized out>, envp=3D<optim=
ized out>) at vl.c:4786

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Reviewed-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
---
v3:
 -fix conflicts with current master.

v2:
 -move the chunk before deinit.

ps:
 reproduce steps:
    1. virsh attach-device vm0 vhost-user.xml
    2. virsh detach-device vm0 vhost-user.xml
    3. virsh attach-device vm0 vhost-user.xml
    4. service openvswitch restart
    5. repeat step 2~4

 the vhost-user xml:
    <interface type=3D'vhostuser'>
      <mac address=3D'00:01:01:00:10:41'/>
      <source type=3D'unix' path=3D'/var/run/vhost-user/tap1' mode=3D'clien=
t'/>
      <model type=3D'virtio'/>
      <driver queues=3D'8'/>
    </interface>
---
 net/vhost-user.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/vhost-user.c b/net/vhost-user.c
index 36f32a2..c23927c 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -151,6 +151,10 @@ static void vhost_user_cleanup(NetClientState *nc)
         s->vhost_net =3D NULL;
     }
     if (nc->queue_index =3D=3D 0) {
+        if (s->watch) {
+            g_source_remove(s->watch);
+            s->watch =3D 0;
+        }
         qemu_chr_fe_deinit(&s->chr, true);
     }
=20
--=20
1.8.3.1