From: "xinhua.Cao"
Date: Thu, 16 Nov 2017 13:25:11 +0800
Message-ID: <20171116052511.16236-1-caoxinhua@huawei.com>
Subject: [Qemu-devel] [PATCH] ipmi: check ibe status before ibe outlen at ipmi_bmc_extern_handle_command
Cc: weidong.huang@huawei.com, weifuqiang@huawei.com, yanqiangjun@huawei.com, king.wang@huawei.com, "xinhua.Cao", arei.gonglei@huawei.com

When we repeatedly kill the VM's ipmi_sim program, qemu handles chr_event to reconnect to ipmi_sim. The handling chain is chr_event -> continue_send -> qemu_chr_fe_write. If the ipmi_sim program is killed again, qemu_chr_fe_write will fail, and ibe's outlen and outbuf will not be cleared. So if a vCPU handles ipmi_bmc_extern_handle_command, qemu aborts. Here is the backtrace.

(gdb) bt
#0  0x00007f3d9f4181d7 in raise () from /usr/lib64/libc.so.6
#1  0x00007f3d9f4198c8 in abort () from /usr/lib64/libc.so.6
#2  0x0000000000635c20 in ipmi_bmc_extern_handle_command (b=<optimized out>, cmd=0x4290198 "\030\001\004\001", cmd_len=2, max_cmd_len=300, msg_id=39 '\'') at hw/ipmi/ipmi_bmc_extern.c:586
#3  0x0000000000636e1d in ipmi_kcs_signal (ii=0x428fea0, ik=<optimized out>) at hw/ipmi/isa_ipmi_kcs.c:126
#4  0x000000000047341a in memory_region_write_accessor (mr=0x428ff60, addr=0, value=<optimized out>, size=1, shift=<optimized out>, mask=<optimized out>, attrs=...) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/memory.c:527
#5  0x000000000047221f in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7f3d8affc838, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access=access@entry=0x4733a0 , mr=mr@entry=0x428ff60, attrs=attrs@entry=...) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/memory.c:593
#6  0x0000000000473e4d in memory_region_dispatch_write (mr=mr@entry=0x428ff60, addr=addr@entry=0, data=1, size=size@entry=1, attrs=attrs@entry=...) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/memory.c:1334
#7  0x000000000042c2ed in address_space_write_continue (as=as@entry=0xecb400 , addr=addr@entry=3234, attrs=..., attrs@entry=..., buf=buf@entry=0x7f3da59fe000 , len=len@entry=1, addr1=0, l=1, mr=0x428ff60) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/exec.c:2998
#8  0x000000000042de66 in address_space_write (as=0xecb400 , addr=3234, attrs=..., buf=0x7f3da59fe000 , len=1) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/exec.c:3043
#9  0x000000000042e34d in address_space_rw (as=<optimized out>, addr=addr@entry=3234, attrs=..., attrs@entry=..., buf=buf@entry=0x7f3da59fe000 , len=len@entry=1, is_write=is_write@entry=true) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/exec.c:3145
#10 0x000000000046b751 in kvm_handle_io (port=3234, attrs=attrs@entry=..., data=<optimized out>, direction=<optimized out>, size=1, count=1) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/kvm_all.c:1822
#11 0x000000000046f4a7 in kvm_cpu_exec (cpu=cpu@entry=0x36f3060) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/kvm_all.c:1980
#12 0x0000000000459cf5 in qemu_kvm_cpu_thread_fn (arg=arg@entry=0x36f3060) at /root/rpmbuild/BUILD/qemu-kvm-2.8.1/cpus.c:1072
#13 0x0000000000848818 in thread_entry_for_hotfix (pthread_cb=<optimized out>) at uvp/hotpatch/qemu_hotpatch_helper.c:502
#14 0x00007f3d9f7acdc5 in start_thread () from /usr/lib64/libpthread.so.0
#15 0x00007f3d9f4da6fd in clone () from /usr/lib64/libc.so.6

We check ibe status before ibe outlen at ipmi_bmc_extern_handle_command to fix this abort.

--- hw/ipmi/ipmi_bmc_extern.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c index abab3bb..7a49050 100644 --- a/hw/ipmi/ipmi_bmc_extern.c +++ b/hw/ipmi/ipmi_bmc_extern.c @@ -192,13 +192,6 @@ static void ipmi_bmc_extern_handle_command(IPMIBmc *b, uint8_t err =3D 0, csum; unsigned int i; =20 - if (ibe->outlen) { - /* We already have a command queued. Shouldn't ever happen. */ - fprintf(stderr, "IPMI KCS: Got command when not finished with the" - " previous command\n"); - abort(); - } - /* If it's too short or it was truncated, return an error. */ if (cmd_len < 2) { err =3D IPMI_CC_REQUEST_DATA_LENGTH_INVALID; 
@@ -206,7 +199,10 @@ static void ipmi_bmc_extern_handle_command(IPMIBmc *b, err =3D IPMI_CC_REQUEST_DATA_TRUNCATED; } else if (!ibe->connected) { err =3D IPMI_CC_BMC_INIT_IN_PROGRESS; + } else if (ibe->wdt_state.trans_fail) { + err =3D IPMI_CC_BMC_INIT_IN_PROGRESS; } + if (err) { IPMIInterfaceClass *k =3D IPMI_INTERFACE_GET_CLASS(s); unsigned char rsp[3]; @@ -218,6 +214,12 @@ static void ipmi_bmc_extern_handle_command(IPMIBmc *b, goto out; } =20 + if (ibe->outlen) { + /* We already have a command queued. Shouldn't ever happen. */ + QEMU_LOG(LOG_ERR, "IPMI KCS: Got command when not finished with th= e previous command\n"); + abort(); + } + addchar(ibe, msg_id); for (i =3D 0; i < cmd_len; i++) { addchar(ibe, cmd[i]); @@ -390,6 +392,7 @@ static void chr_event(void *opaque, int event) =20 switch (event) { case CHR_EVENT_OPENED: + QEMU_LOG(LOG_INFO, "open ipmi device\n"); ibe->connected =3D true; ibe->outpos =3D 0; ibe->outlen =3D 0; --=20 2.8.3
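Review bot: the new `else if (ibe->wdt_state.trans_fail)` branch in the second hunk only refuses new commands while the transmit-failure flag is set; nothing in this patch clears ibe->outlen or ibe->outpos at the point where qemu_chr_fe_write fails in continue_send, which the commit message names as the root cause. The stale buffer is only reset when CHR_EVENT_OPENED runs (the `ibe->outpos = 0; ibe->outlen = 0;` context in the last hunk), so the fix depends on trans_fail staying set for exactly that window; if the flag is cleared before the reconnect, the relocated abort() is reachable again. Resetting outlen and outpos where the write failure is detected would keep the abort() check a genuine invariant rather than a guarded one. Since this branch returns the same IPMI_CC_BMC_INIT_IN_PROGRESS as the `!ibe->connected` case, it can also be folded into that condition with `||` instead of a separate branch.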
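Review bot: QEMU_LOG(LOG_ERR, ...) in the third hunk replaces the upstream fprintf(stderr, ...) with a macro that does not exist in upstream QEMU (the uvp/hotpatch frame in the backtrace suggests this was written against a downstream tree); for qemu-devel keep fprintf(stderr, ...) or use error_report(). The message has also been collapsed onto one line well past 80 columns, which scripts/checkpatch.pl rejects; keep the original two-string split: `fprintf(stderr, "IPMI KCS: Got command when not finished with the"` / `        " previous command\n");`. Moving the outlen check below the error path is the actual fix and is fine on its own; the switch of logging call is unrelated and should not be mixed into it.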
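Review bot: the QEMU_LOG(LOG_INFO, "open ipmi device\n") added in the last hunk is unrelated to the abort fix, is not mentioned in the commit message, and prints unconditionally on every reconnect; drop it from this patch or send it separately, and if it is wanted upstream prefer a trace event to an unconditional message. The patch also carries no Signed-off-by: line before the `---` separator, which qemu-devel requires and checkpatch.pl flags.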