The sender of packet will be checked in the qemu_net_queue_purge() but
we use NetClientState not its peer when trying to purge the incoming
queue in qemu_flush_or_purge_packets(). This will trigger the assert
in virtio_net_reset since we can't pass the sender check.
Fix by using the peer.
Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
net/net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/net.c b/net/net.c
index 38778e831d..9e47cf727d 100644
--- a/net/net.c
+++ b/net/net.c
@@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
qemu_notify_event();
} else if (purge) {
/* Unable to empty the queue, purge remaining packets */
- qemu_net_queue_purge(nc->incoming_queue, nc);
+ qemu_net_queue_purge(nc->incoming_queue, nc->peer);
}
}
--
2.20.1
On 200511 1204, Jason Wang wrote: > The sender of packet will be checked in the qemu_net_queue_purge() but > we use NetClientState not its peer when trying to purge the incoming > queue in qemu_flush_or_purge_packets(). This will trigger the assert > in virtio_net_reset since we can't pass the sender check. > > Fix by using the peer. > > Reported-by: "Alexander Bulekov" <alxndr@bu.edu> > Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop") > Cc: qemu-stable@nongnu.org > Signed-off-by: Jason Wang <jasowang@redhat.com> Hi Jason, With this patch, I can no longer reproduce the crash Acked-by: Alexander Bulekov <alxndr@bu.edu> Thanks! > --- > net/net.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/net.c b/net/net.c > index 38778e831d..9e47cf727d 100644 > --- a/net/net.c > +++ b/net/net.c > @@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge) > qemu_notify_event(); > } else if (purge) { > /* Unable to empty the queue, purge remaining packets */ > - qemu_net_queue_purge(nc->incoming_queue, nc); > + qemu_net_queue_purge(nc->incoming_queue, nc->peer); > } > } > > -- > 2.20.1 >
On 2020/5/11 下午12:21, Alexander Bulekov wrote: > On 200511 1204, Jason Wang wrote: >> The sender of packet will be checked in the qemu_net_queue_purge() but >> we use NetClientState not its peer when trying to purge the incoming >> queue in qemu_flush_or_purge_packets(). This will trigger the assert >> in virtio_net_reset since we can't pass the sender check. >> >> Fix by using the peer. >> >> Reported-by: "Alexander Bulekov" <alxndr@bu.edu> >> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop") >> Cc: qemu-stable@nongnu.org >> Signed-off-by: Jason Wang <jasowang@redhat.com> > Hi Jason, > With this patch, I can no longer reproduce the crash > > Acked-by: Alexander Bulekov <alxndr@bu.edu> > > Thanks! Applied. Thanks > >> --- >> net/net.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/net/net.c b/net/net.c >> index 38778e831d..9e47cf727d 100644 >> --- a/net/net.c >> +++ b/net/net.c >> @@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge) >> qemu_notify_event(); >> } else if (purge) { >> /* Unable to empty the queue, purge remaining packets */ >> - qemu_net_queue_purge(nc->incoming_queue, nc); >> + qemu_net_queue_purge(nc->incoming_queue, nc->peer); >> } >> } >> >> -- >> 2.20.1 >>
Hi Jason, On 5/18/20 5:34 AM, Jason Wang wrote: > On 2020/5/11 下午12:21, Alexander Bulekov wrote: >> On 200511 1204, Jason Wang wrote: >>> The sender of packet will be checked in the qemu_net_queue_purge() but >>> we use NetClientState not its peer when trying to purge the incoming >>> queue in qemu_flush_or_purge_packets(). This will trigger the assert >>> in virtio_net_reset since we can't pass the sender check. >>> >>> Fix by using the peer. Can you please include the backtrace: hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion `!virtio_net_get_subqueue(nc)->async_tx.elem' failed. #9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13 #10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9 #11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9 #12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5 #13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13 #14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5 #15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18 #16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16 And link to reproducer: https://www.mail-archive.com/qemu-devel@nongnu.org/msg701914.html Thanks, Phil. (Alexander, this is an example of why launchpad bug reports are easier to refer in commit history). >>> >>> Reported-by: "Alexander Bulekov" <alxndr@bu.edu> >>> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop") >>> Cc: qemu-stable@nongnu.org >>> Signed-off-by: Jason Wang <jasowang@redhat.com> >> Hi Jason, >> With this patch, I can no longer reproduce the crash >> >> Acked-by: Alexander Bulekov <alxndr@bu.edu> >> >> Thanks! > > > Applied. > > Thanks > > > >> >>> --- >>> net/net.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/net/net.c b/net/net.c >>> index 38778e831d..9e47cf727d 100644 >>> --- a/net/net.c >>> +++ b/net/net.c >>> @@ -610,7 +610,7 @@ void >>> qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge) >>> qemu_notify_event(); >>> } else if (purge) { >>> /* Unable to empty the queue, purge remaining packets */ >>> - qemu_net_queue_purge(nc->incoming_queue, nc); >>> + qemu_net_queue_purge(nc->incoming_queue, nc->peer); >>> } >>> } >>> -- >>> 2.20.1 >>> > >
On 2020/5/18 下午4:00, Philippe Mathieu-Daudé wrote: > Hi Jason, > > On 5/18/20 5:34 AM, Jason Wang wrote: >> On 2020/5/11 下午12:21, Alexander Bulekov wrote: >>> On 200511 1204, Jason Wang wrote: >>>> The sender of packet will be checked in the qemu_net_queue_purge() but >>>> we use NetClientState not its peer when trying to purge the incoming >>>> queue in qemu_flush_or_purge_packets(). This will trigger the assert >>>> in virtio_net_reset since we can't pass the sender check. >>>> >>>> Fix by using the peer. > > Can you please include the backtrace: > > hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion > `!virtio_net_get_subqueue(nc)->async_tx.elem' failed. > #9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13 > #10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9 > #11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9 > #12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5 > #13 0x55a341db3e02 in virtio_pci_common_write > hw/virtio/virtio-pci.c:1252:13 > #14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5 > #15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18 > #16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16 > > And link to reproducer: > https://www.mail-archive.com/qemu-devel@nongnu.org/msg701914.html > > Thanks, Done. Thanks > > Phil. > > (Alexander, this is an example of why launchpad bug reports are easier > to refer in commit history). > >>>> >>>> Reported-by: "Alexander Bulekov" <alxndr@bu.edu> >>>> Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop") >>>> Cc: qemu-stable@nongnu.org >>>> Signed-off-by: Jason Wang <jasowang@redhat.com> >>> Hi Jason, >>> With this patch, I can no longer reproduce the crash >>> >>> Acked-by: Alexander Bulekov <alxndr@bu.edu> >>> >>> Thanks! >> >> >> Applied. >> >> Thanks >> >> >> >>> >>>> --- >>>> net/net.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/net/net.c b/net/net.c >>>> index 38778e831d..9e47cf727d 100644 >>>> --- a/net/net.c >>>> +++ b/net/net.c >>>> @@ -610,7 +610,7 @@ void >>>> qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge) >>>> qemu_notify_event(); >>>> } else if (purge) { >>>> /* Unable to empty the queue, purge remaining packets */ >>>> - qemu_net_queue_purge(nc->incoming_queue, nc); >>>> + qemu_net_queue_purge(nc->incoming_queue, nc->peer); >>>> } >>>> } >>>> -- >>>> 2.20.1 >>>> >> >> >
© 2016 - 2024 Red Hat, Inc.