From: Laurent Vivier
To: "Dr. David Alan Gilbert"
Cc: Amit Shah, qemu-devel@nongnu.org, Stefan Hajnoczi, "Michael S. Tsirkin"
Date: Wed, 12 Apr 2017 15:53:11 +0200
Message-Id: <20170412135312.1686-2-lvivier@redhat.com>
In-Reply-To: <20170412135312.1686-1-lvivier@redhat.com>
Subject: [Qemu-devel] [PATCH v2 1/2] migration: don't close a file descriptor while it can be in use

If we close the QEMUFile descriptor in process_incoming_migration_co() while it has been stopped by an error, the postcopy_ram_listen_thread() can try to continue to use it. And as the memory has been freed, it is working with an invalid pointer and crashes.

Fix this by releasing the memory after having managed the error case (which, in fact, calls exit()).

Signed-off-by: Laurent Vivier
Acked-by: Amit Shah
Reviewed-by: Dr. David Alan Gilbert
Reviewed-by: Stefan Hajnoczi
---
 migration/migration.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/migration/migration.c b/migration/migration.c index ad4036f..e024e0a 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -436,9 +436,6 @@ static void process_incoming_migration_co(void *opaque) qemu_thread_join(&mis->colo_incoming_thread); } =20 - qemu_fclose(f); - free_xbzrle_decoded_buf(); - if (ret < 0) { migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE, MIGRATION_STATUS_FAILED); 
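Review bot: the two lines removed here carry no explanation of why they cannot stay ahead of the `if (ret < 0)` block, and the only record of the race with postcopy_ram_listen_thread() is the commit message; please add a one-line comment where `qemu_fclose(f)` lands in the next hunk, for example `/* f may still be in use by postcopy_ram_listen_thread() on the error path; close it only after the error case has exited */`, so a later cleanup does not move the close back above the error handling.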
@@ -447,6 +444,9 @@ static void process_incoming_migration_co(void *opaque) exit(EXIT_FAILURE); } =20 + qemu_fclose(f); + free_xbzrle_decoded_buf(); + mis->bh =3D qemu_bh_new(process_incoming_migration_bh, mis); qemu_bh_schedule(mis->bh); } --=20 2.9.3
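Review bot: with `qemu_fclose(f)` and `free_xbzrle_decoded_buf()` now placed after `exit(EXIT_FAILURE)`, the failure path never closes the file or frees the xbzrle buffer and relies on process exit to reclaim them, which matches the commit message's intent but deserves a sentence in that message. The success path only changes in ordering: nothing in the visible context joins the postcopy listen thread the way `qemu_thread_join(&mis->colo_incoming_thread)` joins the COLO thread, so please confirm (or state in the message) that when postcopy is active the coroutine returns before reaching this close, otherwise the same use-after-free remains on the `ret >= 0` path.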
From: Laurent Vivier
To: "Dr. David Alan Gilbert"
Cc: Amit Shah, qemu-devel@nongnu.org, Stefan Hajnoczi, "Michael S. Tsirkin"
Date: Wed, 12 Apr 2017 15:53:12 +0200
Message-Id: <20170412135312.1686-3-lvivier@redhat.com>
In-Reply-To: <20170412135312.1686-1-lvivier@redhat.com>
Subject: [Qemu-devel] [PATCH v2 2/2] virtio-rng: stop virtqueue while the CPU is stopped

If we modify the virtio-rng virtqueue while the vmstate is already migrated, we can have some inconsistencies between the virtqueue state and the memory content.

To avoid this, stop the virtqueue while the CPU is stopped.
Signed-off-by: Laurent Vivier Acked-by: Amit Shah Reviewed-by: Stefan Hajnoczi --- hw/virtio/trace-events | 3 +++ hw/virtio/virtio-rng.c | 29 +++++++++++++++++++++++------ include/hw/virtio/virtio-rng.h | 2 ++ 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events index 6926eed..1f7a7c1 100644 --- a/hw/virtio/trace-events +++ b/hw/virtio/trace-events @@ -11,8 +11,11 @@ virtio_set_status(void *vdev, uint8_t val) "vdev %p val = %u" =20 # hw/virtio/virtio-rng.c virtio_rng_guest_not_ready(void *rng) "rng %p: guest not ready" +virtio_rng_cpu_is_stopped(void *rng, int size) "rng %p: cpu is stopped, dr= opping %d bytes" +virtio_rng_popped(void *rng) "rng %p: elem popped" virtio_rng_pushed(void *rng, size_t len) "rng %p: %zd bytes pushed" virtio_rng_request(void *rng, size_t size, unsigned quota) "rng %p: %zd by= tes requested, %u bytes quota left" +virtio_rng_vm_state_change(void *rng, int running, int state) "rng %p: sta= te change to running %d state %d" =20 # hw/virtio/virtio-balloon.c # diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c index 9639f4e..a6ee501 100644 --- a/hw/virtio/virtio-rng.c +++ b/hw/virtio/virtio-rng.c @@ -53,6 +53,15 @@ static void chr_read(void *opaque, const void *buf, size= _t size) return; } =20 + /* we can't modify the virtqueue until + * our state is fully synced + */ + + if (!runstate_check(RUN_STATE_RUNNING)) { + trace_virtio_rng_cpu_is_stopped(vrng, size); + return; + } + vrng->quota_remaining -=3D size; =20 offset =3D 0; @@ -61,6 +70,7 @@ static void chr_read(void *opaque, const void *buf, size_= t size) if (!elem) { break; } + trace_virtio_rng_popped(vrng); len =3D iov_from_buf(elem->in_sg, elem->in_num, 0, buf + offset, size - offset); offset +=3D len; 
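Review bot: in the chr_read() hunk, the early return when `runstate_check(RUN_STATE_RUNNING)` fails discards the `size` bytes the backend has just delivered; that is the right call since the virtqueue must not be touched, but the comment above the check should say that the dropped data is requested again by the VM state change handler when the guest resumes, so a reader does not take the drop for a lost request. Also, drop the blank line between the `/* we can't modify the virtqueue ... */` comment block and the `if` it describes so the comment attaches to the statement, QEMU style.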
@@ -120,17 +130,21 @@ static uint64_t get_features(VirtIODevice *vdev, uint= 64_t f, Error **errp) return f; } =20 -static int virtio_rng_post_load(void *opaque, int version_id) +static void virtio_rng_vm_state_change(void *opaque, int running, + RunState state) { VirtIORNG *vrng =3D opaque; =20 + trace_virtio_rng_vm_state_change(vrng, running, state); + /* We may have an element ready but couldn't process it due to a quota - * limit. Make sure to try again after live migration when the quota = may - * have been reset. + * limit or because CPU was stopped. Make sure to try again when the + * CPU restart. */ - virtio_rng_process(vrng); =20 - return 0; + if (running && is_guest_ready(vrng)) { + virtio_rng_process(vrng); + } } =20 static void check_rate_limit(void *opaque) @@ -198,6 +212,9 @@ static void virtio_rng_device_realize(DeviceState *dev,= Error **errp) vrng->rate_limit_timer =3D timer_new_ms(QEMU_CLOCK_VIRTUAL, check_rate_limit, vrng); vrng->activate_timer =3D true; + + vrng->vmstate =3D qemu_add_vm_change_state_handler(virtio_rng_vm_state= _change, + vrng); } =20 static void virtio_rng_device_unrealize(DeviceState *dev, Error **errp) @@ -205,6 +222,7 @@ static void virtio_rng_device_unrealize(DeviceState *de= v, Error **errp) VirtIODevice *vdev =3D VIRTIO_DEVICE(dev); VirtIORNG *vrng =3D VIRTIO_RNG(dev); =20 + qemu_del_vm_change_state_handler(vrng->vmstate); timer_del(vrng->rate_limit_timer); timer_free(vrng->rate_limit_timer); virtio_cleanup(vdev); @@ -218,7 +236,6 @@ static const VMStateDescription vmstate_virtio_rng =3D { VMSTATE_VIRTIO_DEVICE, VMSTATE_END_OF_LIST() }, - .post_load =3D virtio_rng_post_load, }; =20 static Property virtio_rng_properties[] =3D { diff --git a/include/hw/virtio/virtio-rng.h b/include/hw/virtio/virtio-rng.h index 2d40abd..922dce7 100644 --- a/include/hw/virtio/virtio-rng.h +++ b/include/hw/virtio/virtio-rng.h 
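Review bot: in the virtio_rng_vm_state_change() hunk the rewritten comment reads `Make sure to try again when the CPU restart.`; it should be `when the CPU restarts`. More substantively, this hunk together with the removal of `.post_load = virtio_rng_post_load` changes when the retry happens: the old post_load ran `virtio_rng_process(vrng)` unconditionally after load, while the new handler runs it only when `running && is_guest_ready(vrng)`, so the commit message should state that the retry now depends on the destination being started (the handler firing with running set) rather than on the load itself. The registration in realize after the timers are created and the `qemu_del_vm_change_state_handler()` before `timer_del()` in unrealize are in the right order.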
@@ -45,6 +45,8 @@ typedef struct VirtIORNG { QEMUTimer *rate_limit_timer; int64_t quota_remaining; bool activate_timer; + + VMChangeStateEntry *vmstate; } VirtIORNG; =20 #endif --=20 2.9.3
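Review bot: the new field is named `vmstate`, which in this subsystem reads as a VMStateDescription (cf. `vmstate_virtio_rng` in the same patch) rather than a `VMChangeStateEntry *`; a name such as `vm_change_state_handler` or `vmstate_change` would avoid the confusion in virtio-rng.c, where `vrng->vmstate` and `vmstate_virtio_rng` now sit a few lines apart.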