Re: [PATCH] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()

[Jason Wang]

On 2020/5/18 下午4:00, Philippe Mathieu-Daudé wrote:
> Hi Jason,
>
> On 5/18/20 5:34 AM, Jason Wang wrote:
> > On 2020/5/11 下午12:21, Alexander Bulekov wrote:
> > > On 200511 1204, Jason Wang wrote:
> > > > The sender of packet will be checked in the qemu_net_queue_purge() but
> > > > we use NetClientState not its peer when trying to purge the incoming
> > > > queue in qemu_flush_or_purge_packets(). This will trigger the assert
> > > > in virtio_net_reset since we can't pass the sender check.
> > > >
> > > > Fix by using the peer.
>
> Can you please include the backtrace:
>
> hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion
> `!virtio_net_get_subqueue(nc)->async_tx.elem' failed.
> #9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
> #10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
> #11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
> #12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
> #13 0x55a341db3e02 in virtio_pci_common_write 
> hw/virtio/virtio-pci.c:1252:13
> #14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
> #15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
> #16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16
>
> And link to reproducer:
> https://www.mail-archive.com/address@hidden/msg701914.html
>
> Thanks,


Done.

Thanks


> Phil.
>
> (Alexander, this is an example of why launchpad bug reports are easier 
> to refer in commit history).
>
> > > > Reported-by: "Alexander Bulekov" <address@hidden>
> > > > Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
> > > > Cc: address@hidden
> > > > Signed-off-by: Jason Wang <address@hidden>
> > > Hi Jason,
> > > With this patch, I can no longer reproduce the crash
> > >
> > > Acked-by: Alexander Bulekov <address@hidden>
> > >
> > > Thanks!
> >
> >
> > Applied.
> >
> > Thanks
> >
> >
> >
> > > > ---
> > > >   net/net.c | 2 +-
> > > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/net/net.c b/net/net.c
> > > > index 38778e831d..9e47cf727d 100644
> > > > --- a/net/net.c
> > > > +++ b/net/net.c
> > > > @@ -610,7 +610,7 @@ void 
> > > > qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
> > > >           qemu_notify_event();
> > > >       } else if (purge) {
> > > >           /* Unable to empty the queue, purge remaining packets */
> > > > -        qemu_net_queue_purge(nc->incoming_queue, nc);
> > > > +        qemu_net_queue_purge(nc->incoming_queue, nc->peer);
> > > >       }
> > > >   }
> > > > --
> > > > 2.20.1