From nobody Fri Apr 4 06:40:06 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17420199700991020.6232330688953; Fri, 14 Mar 2025 23:26:10 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ttKy8-0000GA-NT; Sat, 15 Mar 2025 02:26:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ttKuW-0001ho-Oq; Sat, 15 Mar 2025 02:22:17 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ttKuU-0003of-9F; Sat, 15 Mar 2025 02:22:16 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 1BD09FF9F7; Sat, 15 Mar 2025 09:17:08 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id E76E71CAC60; Sat, 15 Mar 2025 09:18:01 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 92B1755905; Sat, 15 Mar 2025 09:18:01 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, =?UTF-8?q?Eugenio=20P=C3=A9rez?= , Lei Yang , Jonah Palmer , Jason Wang , Michael Tokarev Subject: [Stable-9.2.3 43/51] net: move backend cleanup to NIC cleanup Date: Sat, 15 Mar 2025 09:17:49 +0300 Message-Id: <20250315061801.622606-43-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1742019973025019100 From: Eugenio P=C3=A9rez Commit a0d7215e33 ("vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present") effectively delayed the backend cleanup, allowing the frontend or the guest to access it resources as long as the frontend is still visible to the guest. However it does not clean up the resources until the qemu process is over. This causes an effective leak if the device is deleted with device_del, as there is no way to close the vdpa device. This makes impossible to re-add that device to this or other QEMU instances until the first instance of QEMU is finished. Move the cleanup from qemu_cleanup to the NIC deletion and to net_cleanup. Fixes: a0d7215e33 ("vhost-vdpa: do not cleanup the vdpa/vhost-net structure= s if peer nic is present") Reported-by: Lei Yang Signed-off-by: Eugenio P=C3=A9rez Signed-off-by: Jonah Palmer Signed-off-by: Jason Wang (cherry picked from commit e7891c575fb294618b172119a91c892b8f4384a2) Signed-off-by: Michael Tokarev diff --git a/net/net.c b/net/net.c index 1360ca4321..232f8fde46 100644 --- a/net/net.c +++ b/net/net.c @@ -428,7 +428,13 @@ void qemu_del_net_client(NetClientState *nc) object_unparent(OBJECT(nf)); } =20 - /* If there is a peer NIC, delete and cleanup client, but do not free.= */ + /* + * If there is a peer NIC, transfer ownership to it. Delete the client + * from net_client list but do not cleanup nor free. This way NIC can + * still access to members of the backend. + * + * The cleanup and free will be done when the NIC is free. + */ if (nc->peer && nc->peer->info->type =3D=3D NET_CLIENT_DRIVER_NIC) { NICState *nic =3D qemu_get_nic(nc->peer); if (nic->peer_deleted) { @@ -438,16 +444,13 @@ void qemu_del_net_client(NetClientState *nc) =20 for (i =3D 0; i < queues; i++) { ncs[i]->peer->link_down =3D true; + QTAILQ_REMOVE(&net_clients, ncs[i], next); } =20 if (nc->peer->info->link_status_changed) { nc->peer->info->link_status_changed(nc->peer); } =20 - for (i =3D 0; i < queues; i++) { - qemu_cleanup_net_client(ncs[i], true); - } - return; } =20 @@ -465,8 +468,12 @@ void qemu_del_nic(NICState *nic) =20 for (i =3D 0; i < queues; i++) { NetClientState *nc =3D qemu_get_subqueue(nic, i); - /* If this is a peer NIC and peer has already been deleted, free i= t now. */ + /* + * If this is a peer NIC and peer has already been deleted, clean = it up + * and free it now. + */ if (nic->peer_deleted) { + qemu_cleanup_net_client(nc->peer, false); qemu_free_net_client(nc->peer); } else if (nc->peer) { /* if there are RX packets pending, complete them */ @@ -1681,6 +1688,9 @@ void net_cleanup(void) * of the latest NET_CLIENT_DRIVER_NIC, and operate on *p as we walk * the list. * + * However, the NIC may have peers that trust to be clean beyond this + * point. For example, if they have been removed with device_del. + * * The 'nc' variable isn't part of the list traversal; it's purely * for convenience as too much '(*p)->' has a tendency to make the * readers' eyes bleed. @@ -1688,6 +1698,17 @@ void net_cleanup(void) while (*p) { nc =3D *p; if (nc->info->type =3D=3D NET_CLIENT_DRIVER_NIC) { + NICState *nic =3D qemu_get_nic(nc); + + if (nic->peer_deleted) { + int queues =3D MAX(nic->conf->peers.queues, 1); + + for (int i =3D 0; i < queues; i++) { + nc =3D qemu_get_subqueue(nic, i); + qemu_cleanup_net_client(nc->peer, false); + } + } + /* Skip NET_CLIENT_DRIVER_NIC entries */ p =3D &QTAILQ_NEXT(nc, next); } else { diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c index 231b45246c..7195d340a0 100644 --- a/net/vhost-vdpa.c +++ b/net/vhost-vdpa.c @@ -224,14 +224,6 @@ static void vhost_vdpa_cleanup(NetClientState *nc) { VhostVDPAState *s =3D DO_UPCAST(VhostVDPAState, nc, nc); =20 - /* - * If a peer NIC is attached, do not cleanup anything. - * Cleanup will happen as a part of qemu_cleanup() -> net_cleanup() - * when the guest is shutting down. - */ - if (nc->peer && nc->peer->info->type =3D=3D NET_CLIENT_DRIVER_NIC) { - return; - } munmap(s->cvq_cmd_out_buffer, vhost_vdpa_net_cvq_cmd_page_len()); munmap(s->status, vhost_vdpa_net_cvq_cmd_page_len()); if (s->vhost_net) { --=20 2.39.5