Pablo Greco e6a3ae
From 335e94e588ded0f1163ef20c72d78fcf725b1236 Mon Sep 17 00:00:00 2001
From: Julia Suvorova <jusual@redhat.com>
Date: Tue, 4 Feb 2020 18:20:04 +0000
Subject: [PATCH 3/6] clean up callback when del virtqueue
RH-Author: Julia Suvorova <jusual@redhat.com>
Message-id: <20200204182007.183537-2-jusual@redhat.com>
Patchwork-id: 93703
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/4] clean up callback when del virtqueue
Bugzilla: 1708480
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
From: liujunjie <liujunjie23@huawei.com>
Before, we did not clear callbacks like handle_output when deleting
the virtqueue, which may result in a segmentation fault.
The scene is as follows:
1. Start a vm with multiqueue vhost-net,
2. then we write VIRTIO_PCI_GUEST_FEATURES in PCI configuration to
trigger multiqueue disable in this vm which will delete the virtqueue.
In this step, the tx_bh is deleted but the callback virtio_net_handle_tx_bh
still exists.
3. Finally, we write VIRTIO_PCI_QUEUE_NOTIFY in PCI configuration to
notify the deleted virtqueue. In this way, virtio_net_handle_tx_bh
will be called and qemu will crash.
Although the way described above is uncommon, we had better reinforce it.
CC: qemu-stable@nongnu.org
Signed-off-by: liujunjie <liujunjie23@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 7da2d99fb9fbf30104125c061caaff330e362d74)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 hw/virtio/virtio.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index fce199e..6356bf3 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1609,6 +1609,8 @@ void virtio_del_queue(VirtIODevice *vdev, int n)
 
     vdev->vq[n].vring.num = 0;
     vdev->vq[n].vring.num_default = 0;
+    vdev->vq[n].handle_output = NULL;
+    vdev->vq[n].handle_aio_output = NULL;
 }
 
 static void virtio_set_isr(VirtIODevice *vdev, int value)
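Review bot: nulling handle_output and handle_aio_output in virtio_del_queue only removes the stale-callback crash if every caller tests the pointer before invoking it, and no such check is visible in this hunk. Please confirm that the notify path reached by the VIRTIO_PCI_QUEUE_NOTIFY write described in the commit message returns early when handle_output is NULL rather than calling through it; otherwise a guest notify of a deleted queue moves from invoking a callback whose tx_bh has been deleted to an indirect call through a NULL pointer, which is still a guest-triggerable crash. It would also strengthen the commit message, and justify the qemu-stable CC, to state explicitly that the scenario is driven entirely by guest writes to PCI configuration, since that makes it a guest-to-host denial of service rather than merely an "uncommon" sequence.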
-- 
1.8.3.1