1. Patchew
  2. QEMU
  3. View series

[PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()

Jason Wang posted 1 patch 3 years, 12 months ago
Test docker-mingw@fedora passed
Test checkpatch passed
Test asan passed
Test docker-quick@centos7 passed
Test FreeBSD passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200511040453.23956-1-jasowang@redhat.com
Maintainers: Jason Wang <jasowang@redhat.com>
net/net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
Posted by Jason Wang 3 years, 12 months ago 
The sender of packet will be checked in the qemu_net_queue_purge() but
we use NetClientState not its peer when trying to purge the incoming
queue in qemu_flush_or_purge_packets(). This will trigger the assert
in virtio_net_reset since we can't pass the sender check.

Fix by using the peer.

Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/net.c b/net/net.c
index 38778e831d..9e47cf727d 100644
--- a/net/net.c
+++ b/net/net.c
@@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
         qemu_notify_event();
     } else if (purge) {
         /* Unable to empty the queue, purge remaining packets */
-        qemu_net_queue_purge(nc->incoming_queue, nc);
+        qemu_net_queue_purge(nc->incoming_queue, nc->peer);
     }
 }
 
-- 
2.20.1
Re: [PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
Posted by Alexander Bulekov 3 years, 12 months ago 
On 200511 1204, Jason Wang wrote:
> The sender of packet will be checked in the qemu_net_queue_purge() but
> we use NetClientState not its peer when trying to purge the incoming
> queue in qemu_flush_or_purge_packets(). This will trigger the assert
> in virtio_net_reset since we can't pass the sender check.
> 
> Fix by using the peer.
> 
> Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Jason Wang <jasowang@redhat.com>

Hi Jason,
With this patch, I can no longer reproduce the crash

Acked-by: Alexander Bulekov <alxndr@bu.edu>

Thanks!

> ---
>  net/net.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/net.c b/net/net.c
> index 38778e831d..9e47cf727d 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
>          qemu_notify_event();
>      } else if (purge) {
>          /* Unable to empty the queue, purge remaining packets */
> -        qemu_net_queue_purge(nc->incoming_queue, nc);
> +        qemu_net_queue_purge(nc->incoming_queue, nc->peer);
>      }
>  }
>  
> -- 
> 2.20.1
>
Re: [PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
Posted by Jason Wang 3 years, 11 months ago 
On 2020/5/11 下午12:21, Alexander Bulekov wrote:
> On 200511 1204, Jason Wang wrote:
>> The sender of packet will be checked in the qemu_net_queue_purge() but
>> we use NetClientState not its peer when trying to purge the incoming
>> queue in qemu_flush_or_purge_packets(). This will trigger the assert
>> in virtio_net_reset since we can't pass the sender check.
>>
>> Fix by using the peer.
>>
>> Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
>> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
>> Cc: qemu-stable@nongnu.org
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
> Hi Jason,
> With this patch, I can no longer reproduce the crash
>
> Acked-by: Alexander Bulekov <alxndr@bu.edu>
>
> Thanks!


Applied.

Thanks



>
>> ---
>>   net/net.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/net.c b/net/net.c
>> index 38778e831d..9e47cf727d 100644
>> --- a/net/net.c
>> +++ b/net/net.c
>> @@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
>>           qemu_notify_event();
>>       } else if (purge) {
>>           /* Unable to empty the queue, purge remaining packets */
>> -        qemu_net_queue_purge(nc->incoming_queue, nc);
>> +        qemu_net_queue_purge(nc->incoming_queue, nc->peer);
>>       }
>>   }
>>   
>> -- 
>> 2.20.1
>>
Re: [PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
Posted by Philippe Mathieu-Daudé 3 years, 11 months ago 
Hi Jason,

On 5/18/20 5:34 AM, Jason Wang wrote:
> On 2020/5/11 下午12:21, Alexander Bulekov wrote:
>> On 200511 1204, Jason Wang wrote:
>>> The sender of packet will be checked in the qemu_net_queue_purge() but
>>> we use NetClientState not its peer when trying to purge the incoming
>>> queue in qemu_flush_or_purge_packets(). This will trigger the assert
>>> in virtio_net_reset since we can't pass the sender check.
>>>
>>> Fix by using the peer.

Can you please include the backtrace:

hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion
`!virtio_net_get_subqueue(nc)->async_tx.elem' failed.
#9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
#10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
#11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
#12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
#13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13
#14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
#15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
#16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16

And link to reproducer:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg701914.html

Thanks,

Phil.

(Alexander, this is an example of why launchpad bug reports are easier 
to refer in commit history).

>>>
>>> Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
>>> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
>>> Cc: qemu-stable@nongnu.org
>>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> Hi Jason,
>> With this patch, I can no longer reproduce the crash
>>
>> Acked-by: Alexander Bulekov <alxndr@bu.edu>
>>
>> Thanks!
> 
> 
> Applied.
> 
> Thanks
> 
> 
> 
>>
>>> ---
>>>   net/net.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/net.c b/net/net.c
>>> index 38778e831d..9e47cf727d 100644
>>> --- a/net/net.c
>>> +++ b/net/net.c
>>> @@ -610,7 +610,7 @@ void 
>>> qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
>>>           qemu_notify_event();
>>>       } else if (purge) {
>>>           /* Unable to empty the queue, purge remaining packets */
>>> -        qemu_net_queue_purge(nc->incoming_queue, nc);
>>> +        qemu_net_queue_purge(nc->incoming_queue, nc->peer);
>>>       }
>>>   }
>>> -- 
>>> 2.20.1
>>>
> 
>
Re: [PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()
Posted by Jason Wang 3 years, 11 months ago 
On 2020/5/18 下午4:00, Philippe Mathieu-Daudé wrote:
> Hi Jason,
>
> On 5/18/20 5:34 AM, Jason Wang wrote:
>> On 2020/5/11 下午12:21, Alexander Bulekov wrote:
>>> On 200511 1204, Jason Wang wrote:
>>>> The sender of packet will be checked in the qemu_net_queue_purge() but
>>>> we use NetClientState not its peer when trying to purge the incoming
>>>> queue in qemu_flush_or_purge_packets(). This will trigger the assert
>>>> in virtio_net_reset since we can't pass the sender check.
>>>>
>>>> Fix by using the peer.
>
> Can you please include the backtrace:
>
> hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion
> `!virtio_net_get_subqueue(nc)->async_tx.elem' failed.
> #9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
> #10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
> #11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
> #12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
> #13 0x55a341db3e02 in virtio_pci_common_write 
> hw/virtio/virtio-pci.c:1252:13
> #14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
> #15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
> #16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16
>
> And link to reproducer:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg701914.html
>
> Thanks,


Done.

Thanks


>
> Phil.
>
> (Alexander, this is an example of why launchpad bug reports are easier 
> to refer in commit history).
>
>>>>
>>>> Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
>>>> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
>>>> Cc: qemu-stable@nongnu.org
>>>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>>> Hi Jason,
>>> With this patch, I can no longer reproduce the crash
>>>
>>> Acked-by: Alexander Bulekov <alxndr@bu.edu>
>>>
>>> Thanks!
>>
>>
>> Applied.
>>
>> Thanks
>>
>>
>>
>>>
>>>> ---
>>>>   net/net.c | 2 +-
>>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/net/net.c b/net/net.c
>>>> index 38778e831d..9e47cf727d 100644
>>>> --- a/net/net.c
>>>> +++ b/net/net.c
>>>> @@ -610,7 +610,7 @@ void 
>>>> qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
>>>>           qemu_notify_event();
>>>>       } else if (purge) {
>>>>           /* Unable to empty the queue, purge remaining packets */
>>>> -        qemu_net_queue_purge(nc->incoming_queue, nc);
>>>> +        qemu_net_queue_purge(nc->incoming_queue, nc->peer);
>>>>       }
>>>>   }
>>>> -- 
>>>> 2.20.1
>>>>
>>
>>
>

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.