[Qemu-commits] [qemu/qemu] f811f9: virtio-serial-bus: Unset hotplug hand
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] f811f9: virtio-serial-bus: Unset hotplug handler when unre...
Date: Fri, 02 Jun 2017 10:36:40 -0700
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: f811f97040a48358b456b46ecbc9167f0131034f
https://github.com/qemu/qemu/commit/f811f97040a48358b456b46ecbc9167f0131034f
Author: Ladi Prosek <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M hw/char/virtio-serial-bus.c
Log Message:
-----------
virtio-serial-bus: Unset hotplug handler when unrealize
Virtio serial device controls the lifetime of virtio-serial-bus and
virtio-serial-bus links back to the device via its hotplug-handler
property. This extra ref-count prevents the device from getting
finalized, leaving the VirtIODevice memory listener registered and
leading to use-after-free later on.
This patch addresses the same issue as Fam Zheng's
"virtio-scsi: Unset hotplug handler when unrealize"
only for a different virtio device.
Cc: address@hidden
Signed-off-by: Ladi Prosek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Fam Zheng <address@hidden>
Commit: b0ac429f1346e9fa13206d748bedc9bd497a55bc
https://github.com/qemu/qemu/commit/b0ac429f1346e9fa13206d748bedc9bd497a55bc
Author: Paolo Bonzini <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M hw/virtio/trace-events
M hw/virtio/virtio.c
Log Message:
-----------
virtio: add virtqueue_alloc_element tracepoint
This tracepoint can help diagnose failures due to memory
fragmentation in the guest.
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: 46764fe09ca2e0f15c0981a672c166ed8cf57e72
https://github.com/qemu/qemu/commit/46764fe09ca2e0f15c0981a672c166ed8cf57e72
Author: Stefan Hajnoczi <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M hw/char/virtio-serial-bus.c
Log Message:
-----------
virtio-serial: fix segfault on disconnect
Since commit d4c19cdeeb2f1e474bc426a6da261f1d7346eb5b ("virtio-serial:
add missing virtio_detach_element() call") the following commands may
cause QEMU to segfault:
  $ qemu -M accel=kvm -cpu host -m 1G \
      -drive if=virtio,file=test.img,format=raw \
      -device virtio-serial-pci,id=virtio-serial0 \
      -chardev socket,id=channel1,path=/tmp/chardev.sock,server,nowait \
      -device virtserialport,chardev=channel1,bus=virtio-serial0.0,id=port1
  $ nc -U /tmp/chardev.sock
  ^C
  (guest)$ cat /dev/zero >/dev/vport0p1
The segfault is non-deterministic: if the event loop notices the socket
has been closed then there is no crash. The disconnect has to happen
right before QEMU attempts to write data to the socket.
The backtrace is as follows:
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x00005555557e0698 in do_flush_queued_data (port=0x5555582cedf0,
vq=0x7fffcc854290, vdev=0x55555807b1d0) at hw/char/virtio-serial-bus.c:180
180 for (i = port->iov_idx; i < port->elem->out_num; i++) {
#1 0x000055555580d363 in virtio_queue_notify_vq (vq=0x7fffcc854290) at
hw/virtio/virtio.c:1524
#2 0x000055555580d363 in virtio_queue_host_notifier_read (n=0x7fffcc8542f8)
at hw/virtio/virtio.c:2430
#3 0x0000555555b3482c in aio_dispatch_handlers (address@hidden) at
util/aio-posix.c:399
#4 0x0000555555b350d8 in aio_dispatch (ctx=0x5555566b8c80) at
util/aio-posix.c:430
#5 0x0000555555b3212e in aio_ctx_dispatch (source=<optimized out>,
callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#6 0x00007fffde71de52 in g_main_context_dispatch () at
/lib64/libglib-2.0.so.0
#7 0x0000555555b34353 in glib_pollfds_poll () at util/main-loop.c:213
#8 0x0000555555b34353 in os_host_main_loop_wait (timeout=<optimized out>) at
util/main-loop.c:261
#9 0x0000555555b34353 in main_loop_wait (nonblocking=<optimized out>) at
util/main-loop.c:517
#10 0x0000555555773207 in main_loop () at vl.c:1917
#11 0x0000555555773207 in main (argc=<optimized out>, argv=<optimized out>,
envp=<optimized out>) at vl.c:4751
The do_flush_queued_data() function does not anticipate chardev close
events during vsc->have_data(). It expects port->elem to remain
non-NULL for the duration of its for loop.
The fix is simply to return from do_flush_queued_data() if the port
closes because the close event already frees port->elem and drains the
virtqueue - there is nothing left for do_flush_queued_data() to do.
Reported-by: Sitong Liu <address@hidden>
Reported-by: Min Deng <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: fc58bd0d97c41dc3257001c86b2f802ae7255dff
https://github.com/qemu/qemu/commit/fc58bd0d97c41dc3257001c86b2f802ae7255dff
Author: Maxime Coquelin <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M hw/virtio/vhost.c
M include/hw/virtio/vhost.h
Log Message:
-----------
vhost: propagate errors in vhost_device_iotlb_miss()
Some backends might want to know when things went wrong.
Signed-off-by: Maxime Coquelin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: 020e571b8bf90e022bbb78346e189f0f26e4675f
https://github.com/qemu/qemu/commit/020e571b8bf90e022bbb78346e189f0f26e4675f
Author: Maxime Coquelin <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M hw/virtio/vhost-backend.c
M hw/virtio/vhost.c
M include/hw/virtio/vhost-backend.h
Log Message:
-----------
vhost: rework IOTLB messaging
This patch reworks IOTLB messaging to prepare for vhost-user
device IOTLB support.
IOTLB message handling is extracted from the vhost-kernel backend,
so that only the message transport remains backend-specific.
Signed-off-by: Maxime Coquelin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: 2152f3fead5ddaf7bdbe370f9b87713eae683b75
https://github.com/qemu/qemu/commit/2152f3fead5ddaf7bdbe370f9b87713eae683b75
Author: Marc-André Lureau <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M hw/virtio/vhost-user.c
Log Message:
-----------
vhost-user: add vhost_user to hold the chr
Next patches will add more fields to the structure
Signed-off-by: Marc-André Lureau <address@hidden>
Signed-off-by: Maxime Coquelin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: 4bbeeba023f22c117d7a4c561354b91a0bf62e42
https://github.com/qemu/qemu/commit/4bbeeba023f22c117d7a4c561354b91a0bf62e42
Author: Marc-André Lureau <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M docs/specs/vhost-user.txt
M hw/virtio/vhost-user.c
Log Message:
-----------
vhost-user: add slave-req-fd support
Learn to give a socket to the slave to let him make requests to the
master.
Signed-off-by: Marc-André Lureau <address@hidden>
Signed-off-by: Maxime Coquelin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: 6dcdd06e3b0d0c5651219013ec975348e2050041
https://github.com/qemu/qemu/commit/6dcdd06e3b0d0c5651219013ec975348e2050041
Author: Maxime Coquelin <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M docs/specs/vhost-user.txt
M hw/net/vhost_net.c
M hw/virtio/vhost-user.c
Log Message:
-----------
spec/vhost-user spec: Add IOMMU support
This patch specifies and implements the master/slave communication
to support device IOTLB in slave.
The vhost_iotlb_msg structure introduced for kernel backends is
re-used, making the design close between the two backends.
An exception is the use of the secondary channel to enable the
slave to send IOTLB miss requests to the master.
Signed-off-by: Maxime Coquelin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Commit: c6e84fbd447a51e1161d74d71566a5f67b47eac5
https://github.com/qemu/qemu/commit/c6e84fbd447a51e1161d74d71566a5f67b47eac5
Author: Peter Maydell <address@hidden>
Date: 2017-06-02 (Fri, 02 Jun 2017)
Changed paths:
M docs/specs/vhost-user.txt
M hw/char/virtio-serial-bus.c
M hw/net/vhost_net.c
M hw/virtio/trace-events
M hw/virtio/vhost-backend.c
M hw/virtio/vhost-user.c
M hw/virtio/vhost.c
M hw/virtio/virtio.c
M include/hw/virtio/vhost-backend.h
M include/hw/virtio/vhost.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, vhost: fixes, features
IOTLB support in vhost-user.
A bunch of fixes all over the place.
Signed-off-by: Michael S. Tsirkin <address@hidden>
# gpg: Signature made Fri 02 Jun 2017 17:33:25 BST
# gpg: using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <address@hidden>"
# gpg: aka "Michael S. Tsirkin <address@hidden>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
spec/vhost-user spec: Add IOMMU support
vhost-user: add slave-req-fd support
vhost-user: add vhost_user to hold the chr
vhost: rework IOTLB messaging
vhost: propagate errors in vhost_device_iotlb_miss()
virtio-serial: fix segfault on disconnect
virtio: add virtqueue_alloc_element tracepoint
virtio-serial-bus: Unset hotplug handler when unrealize
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/e32fb6da7e47...c6e84fbd447a
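
The re-entrancy failure described in the "virtio-serial: fix segfault on disconnect" log message above, modelled as an added example (not QEMU's code and not part of the original mail): a write callback frees the in-flight element mid-loop, and the flush loop returns as soon as it sees that. The Port and Elem types, port_close, flush_queued and run_case are hypothetical names, and close_after is a constructed trigger for the disconnect.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; not QEMU's data structures. */
typedef struct { size_t out_num; size_t len[3]; } Elem;
typedef struct {
    Elem *elem;       /* in-flight request, freed by the close path */
    size_t iov_idx;   /* next buffer to deliver */
    int close_after;  /* constructed input: peer closes on this write, -1 = never */
    int writes;
} Port;

/* Close path: frees the in-flight element and resets the port. */
static void port_close(Port *p) {
    free(p->elem);
    p->elem = NULL;
    p->iov_idx = 0;
}

/* Backend write callback; it can run the close path before returning. */
static long have_data(Port *p, size_t len) {
    if (++p->writes == p->close_after) {
        port_close(p);
        return -1;
    }
    return (long)len;
}

/* Deliver queued buffers; returns how many were delivered. */
static size_t flush_queued(Port *p) {
    size_t sent = 0;
    if (!p->elem) return 0;
    for (size_t i = p->iov_idx; i < p->elem->out_num; i++) {
        long ret = have_data(p, p->elem->len[i]);
        if (!p->elem) {
            /* Closed inside the callback: elem is gone, and the loop
             * condition above would dereference NULL. Nothing left to do. */
            return sent;
        }
        if (ret < 0) break;
        p->iov_idx = i + 1;
        sent++;
    }
    return sent;
}

/* Runs one constructed case and returns the delivered-buffer count. */
static size_t run_case(int close_after) {
    Port p = { calloc(1, sizeof(Elem)), 0, close_after, 0 };
    if (!p.elem) abort();
    p.elem->out_num = 3;
    size_t sent = flush_queued(&p);
    free(p.elem);   /* NULL when the close path already freed it */
    return sent;
}
```

Without the `if (!p->elem)` check after the callback, the next evaluation of `p->elem->out_num` reads through a NULL pointer, which is the faulting line shown in frame 0 of the backtrace.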