[PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev

Li Feng posted 4 patches 4 years ago
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test checkpatch passed
Test FreeBSD passed
Test asan passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200415032826.16701-1-fengli@smartx.com
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>, Raphael Norwitz <raphael.norwitz@nutanix.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Max Reitz <mreitz@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Kevin Wolf <kwolf@redhat.com>
[PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev
Posted by Li Feng 4 years ago
The following patches fix various crashes that happen when injecting errors into the
chardev unix domain socket.

The crashes are encountered when the socket goes from connected to disconnected in the
vhost-user-blk realize routine.

These crashes could be reproduced like this:
1. gdb break at vhost_user_write;
2. add a vhost-user-blk device through qmp;
3. when stopped at vhost_user_write, kill the vhost-user-blk target;
4. let qemu continue running;
5. start vhost-user-blk;
6. see crash!

The 'CLOSE' event path is the core troublemaker.

qemu_chr_fe_set_handlers
   -> vhost_user_blk_event(OPEN)
       -> vhost_user_blk_connect
            -> vhost_dev_init
                -> vhost_user_blk_event(CLOSE)
                -> vhost_dev_cleanup


Li Feng (4):
  vhost-user-blk: delay vhost_user_blk_disconnect
  vhost-user-blk: fix invalid memory access
  char-socket: avoid double call tcp_chr_free_connection
  vhost-user-blk: fix crash in realize process

 chardev/char-socket.c     |  5 ++++
 hw/block/vhost-user-blk.c | 75 ++++++++++++++++++++++++++++++++---------------
 hw/virtio/vhost.c         |  2 +-
 3 files changed, 58 insertions(+), 24 deletions(-)

-- 
2.11.0


-- 
The SmartX email address is only for business purpose. Any sent message 
that is not related to the business is not authorized or permitted by 
SmartX.
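This mailbox is a work mailbox of Beijing Zhiling Haina Technology Co., Ltd. (SmartX). If a message sent from this mailbox is unrelated to work, it has not received any express or implied authorization from the company.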
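
The nested CLOSE in the call chain above, as an added example that is not part of the original mail and is not QEMU code: a simplified C model, assuming the hazard is teardown running while initialization is still on the stack. All names (struct dev, dev_event, run_scenario, the defer flag) are hypothetical; with defer set, the disconnect is postponed until the connect path has unwound, which is the general idea named in the first patch title.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical model; none of these names are QEMU's. */
enum ev { EV_OPEN, EV_CLOSE };
struct dev {
    int *vqs;                       /* allocated by init, freed by cleanup */
    bool peer_dead;                 /* backend dies while init talks to it */
    bool defer;                     /* true: postpone disconnect until connect unwinds */
    bool in_connect, close_pending;
    int cleanups, nested_cleanups;  /* nested = cleanup ran inside init */
};
static void dev_event(struct dev *d, enum ev e);
static void dev_cleanup(struct dev *d) {
    if (d->in_connect) d->nested_cleanups++;  /* init is still on the stack */
    free(d->vqs); d->vqs = NULL;
    d->cleanups++;
}
static int dev_init(struct dev *d) {
    d->vqs = calloc(4, sizeof *d->vqs);
    if (!d->peer_dead) return 0;
    dev_event(d, EV_CLOSE);         /* CLOSE is delivered before init returns */
    return -1;
}
static int dev_connect(struct dev *d) {
    d->in_connect = true;
    int ret = dev_init(d);
    d->in_connect = false;
    if (ret == 0 && !d->close_pending) return 0;
    d->close_pending = false;       /* single teardown, after init has unwound */
    dev_cleanup(d);
    return -1;
}
static void dev_event(struct dev *d, enum ev e) {
    if (e == EV_OPEN) { dev_connect(d); return; }
    if (d->defer && d->in_connect) { d->close_pending = true; return; }
    dev_cleanup(d);                 /* immediate disconnect */
}
static struct dev run_scenario(bool defer) {
    struct dev d = { .peer_dead = true, .defer = defer };
    dev_event(&d, EV_OPEN);
    return d;
}
int main(void) {
    struct dev a = run_scenario(false), b = run_scenario(true);
    printf("immediate: cleanups=%d nested=%d\n", a.cleanups, a.nested_cleanups);
    printf("deferred:  cleanups=%d nested=%d\n", b.cleanups, b.nested_cleanups);
    return 0;
}
```

The model only counts teardowns instead of touching freed memory, so it stays safe to run under a sanitizer while still showing the nested and repeated cleanup.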



Re: [PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev
Posted by Michael S. Tsirkin 4 years ago
On Wed, Apr 15, 2020 at 11:28:22AM +0800, Li Feng wrote:
> The following patches fix various crashes that happen when injecting errors into the
> chardev unix domain socket.

I think these are mostly unrelated fixes right?
If so pls post them separately so I know I can just apply
some and wait for others to get acked.




Re: [PATCH 0/4] fix crashes when inject errors to vhost-user-blk chardev
Posted by Li Feng 4 years ago
OK, I will submit this patch "vhost-user-blk: fix invalid memory
access" first.
It is unrelated to the other three and it has been acked.

Thanks,
Feng Li

Michael S. Tsirkin <mst@redhat.com> wrote on Friday, April 17, 2020 at 5:45 PM:
>
> On Wed, Apr 15, 2020 at 11:28:22AM +0800, Li Feng wrote:
> > The following patches fix various crashes that happen when injecting errors into the
> > chardev unix domain socket.
>
> I think these are mostly unrelated fixes right?
> If so pls post them separately so I know I can just apply
> some and wait for others to get acked.