1. Patchew
  2. QEMU
  3. View series

[PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup

Eugenio Pérez posted 1 patch 2 years, 4 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20230913123408.2819185-1-eperezma@redhat.com
Maintainers: Jason Wang <jasowang@redhat.com>
net/vhost-vdpa.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
Posted by Eugenio Pérez 2 years, 4 months ago 
Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
net device restart.

This is caused because CVQ tries to reuse the iova_tree that is present
in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
As a consequence, it tries to access an iova_tree that has been already
free.

Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
Reported-by: Yanhui Ma <yama@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
---
 net/vhost-vdpa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 34202ca009..1714ff4b11 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
     dev = s->vhost_vdpa.dev;
     if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
         g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
+    } else {
+        s->vhost_vdpa.iova_tree = NULL;
     }
 }
 
-- 
2.39.3
Re: [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
Posted by Si-Wei Liu 2 years, 4 months ago 

On 9/13/2023 5:34 AM, Eugenio Pérez wrote:
> Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
> net device restart.
>
> This is caused because CVQ tries to reuse the iova_tree that is present
> in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
> As a consequence, it tries to access an iova_tree that has been already
> free.
>
> Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
> Reported-by: Yanhui Ma <yama@redhat.com>
> Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
> ---
>   net/vhost-vdpa.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> index 34202ca009..1714ff4b11 100644
> --- a/net/vhost-vdpa.c
> +++ b/net/vhost-vdpa.c
> @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
>       dev = s->vhost_vdpa.dev;
>       if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
>           g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
> +    } else {
> +        s->vhost_vdpa.iova_tree = NULL;
>       }
>   }
>
Re: [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
Posted by Jason Wang 2 years, 4 months ago 
On Wed, Sep 13, 2023 at 8:34 PM Eugenio Pérez <eperezma@redhat.com> wrote:
>
> Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
> net device restart.
>
> This is caused because CVQ tries to reuse the iova_tree that is present
> in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
> As a consequence, it tries to access an iova_tree that has been already
> free.
>
> Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
> Reported-by: Yanhui Ma <yama@redhat.com>
> Signed-off-by: Eugenio Pérez <eperezma@redhat.com>

Acked-by: Jason Wang <jasowang@redhat.com>

Thanks

> ---
>  net/vhost-vdpa.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> index 34202ca009..1714ff4b11 100644
> --- a/net/vhost-vdpa.c
> +++ b/net/vhost-vdpa.c
> @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
>      dev = s->vhost_vdpa.dev;
>      if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
>          g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
> +    } else {
> +        s->vhost_vdpa.iova_tree = NULL;
>      }
>  }
>
> --
> 2.39.3
>
Re: [PATCH] vdpa net: zero vhost_vdpa iova_tree pointer at cleanup
Posted by Lei Yang 2 years, 4 months ago 
QE tested this patch with real nic,guest can works well after
cancelling migration.

Tested-by: Lei Yang <leiyang@redhat.com>

On Thu, Sep 14, 2023 at 11:23 AM Jason Wang <jasowang@redhat.com> wrote:
>
> On Wed, Sep 13, 2023 at 8:34 PM Eugenio Pérez <eperezma@redhat.com> wrote:
> >
> > Not zeroing it causes a SIGSEGV if the live migration is cancelled, at
> > net device restart.
> >
> > This is caused because CVQ tries to reuse the iova_tree that is present
> > in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start.
> > As a consequence, it tries to access an iova_tree that has been already
> > free.
> >
> > Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start")
> > Reported-by: Yanhui Ma <yama@redhat.com>
> > Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
>
> Acked-by: Jason Wang <jasowang@redhat.com>
>
> Thanks
>
> > ---
> >  net/vhost-vdpa.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> > index 34202ca009..1714ff4b11 100644
> > --- a/net/vhost-vdpa.c
> > +++ b/net/vhost-vdpa.c
> > @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc)
> >      dev = s->vhost_vdpa.dev;
> >      if (dev->vq_index + dev->nvqs == dev->vq_index_end) {
> >          g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete);
> > +    } else {
> > +        s->vhost_vdpa.iova_tree = NULL;
> >      }
> >  }
> >
> > --
> > 2.39.3
> >
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.