Message ID | 20230913123408.2819185-1-eperezma@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | vdpa net: zero vhost_vdpa iova_tree pointer at cleanup |
On Wed, Sep 13, 2023 at 8:34 PM Eugenio Pérez <eperezma@redhat.com> wrote: > > Not zeroing it causes a SIGSEGV if the live migration is cancelled, at > net device restart. > > This is caused because CVQ tries to reuse the iova_tree that is present > in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start. > As a consequence, it tries to access an iova_tree that has been already > free. > > Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start") > Reported-by: Yanhui Ma <yama@redhat.com> > Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Thanks > --- > net/vhost-vdpa.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c > index 34202ca009..1714ff4b11 100644 > --- a/net/vhost-vdpa.c > +++ b/net/vhost-vdpa.c > @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc) > dev = s->vhost_vdpa.dev; > if (dev->vq_index + dev->nvqs == dev->vq_index_end) { > g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete); > + } else { > + s->vhost_vdpa.iova_tree = NULL; > } > } > > -- > 2.39.3 >
QE tested this patch with a real NIC; the guest works well after cancelling migration. Tested-by: Lei Yang <leiyang@redhat.com> On Thu, Sep 14, 2023 at 11:23 AM Jason Wang <jasowang@redhat.com> wrote: > > On Wed, Sep 13, 2023 at 8:34 PM Eugenio Pérez <eperezma@redhat.com> wrote: > > > > Not zeroing it causes a SIGSEGV if the live migration is cancelled, at > > net device restart. > > > > This is caused because CVQ tries to reuse the iova_tree that is present > > in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start. > > As a consequence, it tries to access an iova_tree that has been already > > free. > > > > Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start") > > Reported-by: Yanhui Ma <yama@redhat.com> > > Signed-off-by: Eugenio Pérez <eperezma@redhat.com> > > Acked-by: Jason Wang <jasowang@redhat.com> > > Thanks > > > --- > > net/vhost-vdpa.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c > > index 34202ca009..1714ff4b11 100644 > > --- a/net/vhost-vdpa.c > > +++ b/net/vhost-vdpa.c > > @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc) > > dev = s->vhost_vdpa.dev; > > if (dev->vq_index + dev->nvqs == dev->vq_index_end) { > > g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete); > > + } else { > > + s->vhost_vdpa.iova_tree = NULL; > > } > > } > > > > -- > > 2.39.3 > > >
On 9/13/2023 5:34 AM, Eugenio Pérez wrote: > Not zeroing it causes a SIGSEGV if the live migration is cancelled, at > net device restart. > > This is caused because CVQ tries to reuse the iova_tree that is present > in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start. > As a consequence, it tries to access an iova_tree that has been already > free. > > Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start") > Reported-by: Yanhui Ma <yama@redhat.com> > Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com> > --- > net/vhost-vdpa.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c > index 34202ca009..1714ff4b11 100644 > --- a/net/vhost-vdpa.c > +++ b/net/vhost-vdpa.c > @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc) > dev = s->vhost_vdpa.dev; > if (dev->vq_index + dev->nvqs == dev->vq_index_end) { > g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete); > + } else { > + s->vhost_vdpa.iova_tree = NULL; > } > } >
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c index 34202ca009..1714ff4b11 100644 --- a/net/vhost-vdpa.c +++ b/net/vhost-vdpa.c @@ -385,6 +385,8 @@ static void vhost_vdpa_net_client_stop(NetClientState *nc) dev = s->vhost_vdpa.dev; if (dev->vq_index + dev->nvqs == dev->vq_index_end) { g_clear_pointer(&s->vhost_vdpa.iova_tree, vhost_iova_tree_delete); + } else { + s->vhost_vdpa.iova_tree = NULL; } }
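Review bot: the added else branch in vhost_vdpa_net_client_stop clears s->vhost_vdpa.iova_tree without freeing it, and nothing in the hunk says why that is correct. A one-line comment stating that only the device for which dev->vq_index + dev->nvqs == dev->vq_index_end frees the tree, while every other device just drops its copy of the pointer, would stop a later reader from turning the assignment into a second vhost_iova_tree_delete call. Because g_clear_pointer already leaves the field NULL in the if branch, the else could also be dropped in favour of an unconditional "s->vhost_vdpa.iova_tree = NULL;" after the if, which states the invariant directly: the field is always NULL once stop returns. The comment should also name the path from the commit message (migration cancelled, then net device restart, with CVQ reusing the first device's iova_tree in vhost_vdpa_net_cvq_start), since that is the reader of the stale pointer and it is not visible from this function.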
Not zeroing it causes a SIGSEGV if the live migration is cancelled, at net device restart. This is caused because CVQ tries to reuse the iova_tree that is present in the first vhost_vdpa device at the end of vhost_vdpa_net_cvq_start. As a consequence, it tries to access an iova_tree that has been already free. Fixes: 00ef422e9fbf ("vdpa net: move iova tree creation from init to start") Reported-by: Yanhui Ma <yama@redhat.com> Signed-off-by: Eugenio Pérez <eperezma@redhat.com> --- net/vhost-vdpa.c | 2 ++ 1 file changed, 2 insertions(+)