[PATCH v7.2.3 27/30] 9pfs/xen: Fix segfault on shutdown

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v7.2.3 27/30] 9pfs/xen: Fix segfault on shutdown

From:	Michael Tokarev
Subject:	[PATCH v7.2.3 27/30] 9pfs/xen: Fix segfault on shutdown
Date:	Wed, 17 May 2023 12:10:39 +0300

From: Jason Andryuk <jandryuk@gmail.com>

xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
out when free is called.  Do the teardown in _disconnect().  This
matches the setup done in _connect().

trace-events are also added for the XenDevOps functions.

Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
[C.S.: - Remove redundant return in xen_9pfs_free().
       - Add comment to trace-events. ]
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
(cherry picked from commit 92e667f6fd5806a6a705a2a43e572bd9ec6819da)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: minor context conflict in hw/9pfs/xen-9p-backend.c)
---
 hw/9pfs/trace-events     |  6 ++++++
 hw/9pfs/xen-9p-backend.c | 35 ++++++++++++++++++++++-------------
 2 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/hw/9pfs/trace-events b/hw/9pfs/trace-events
index 6c77966c0b..a12e55c165 100644
--- a/hw/9pfs/trace-events
+++ b/hw/9pfs/trace-events
@@ -48,3 +48,9 @@ v9fs_readlink(uint16_t tag, uint8_t id, int32_t fid) "tag %d 
id %d fid %d"
 v9fs_readlink_return(uint16_t tag, uint8_t id, char* target) "tag %d id %d 
name %s"
 v9fs_setattr(uint16_t tag, uint8_t id, int32_t fid, int32_t valid, int32_t 
mode, int32_t uid, int32_t gid, int64_t size, int64_t atime_sec, int64_t 
mtime_sec) "tag %u id %u fid %d iattr={valid %d mode %d uid %d gid %d size 
%"PRId64" atime=%"PRId64" mtime=%"PRId64" }"
 v9fs_setattr_return(uint16_t tag, uint8_t id) "tag %u id %u"
+
+# xen-9p-backend.c
+xen_9pfs_alloc(char *name) "name %s"
+xen_9pfs_connect(char *name) "name %s"
+xen_9pfs_disconnect(char *name) "name %s"
+xen_9pfs_free(char *name) "name %s"
diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
index 65c4979c3c..ab1df8dd2f 100644
--- a/hw/9pfs/xen-9p-backend.c
+++ b/hw/9pfs/xen-9p-backend.c
@@ -24,6 +24,8 @@
 #include "qemu/option.h"
 #include "fsdev/qemu-fsdev.h"
 
+#include "trace.h"
+
 #define VERSIONS "1"
 #define MAX_RINGS 8
 #define MAX_RING_ORDER 9
@@ -335,6 +337,8 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice 
*xendev)
     Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
     int i;
 
+    trace_xen_9pfs_disconnect(xendev->name);
+
     for (i = 0; i < xen_9pdev->num_rings; i++) {
         if (xen_9pdev->rings[i].evtchndev != NULL) {
             qemu_set_fd_handler(xenevtchn_fd(xen_9pdev->rings[i].evtchndev),
@@ -343,39 +347,40 @@ static void xen_9pfs_disconnect(struct XenLegacyDevice 
*xendev)
                              xen_9pdev->rings[i].local_port);
             xen_9pdev->rings[i].evtchndev = NULL;
         }
-    }
-}
-
-static int xen_9pfs_free(struct XenLegacyDevice *xendev)
-{
-    Xen9pfsDev *xen_9pdev = container_of(xendev, Xen9pfsDev, xendev);
-    int i;
-
-    if (xen_9pdev->rings[0].evtchndev != NULL) {
-        xen_9pfs_disconnect(xendev);
-    }
-
-    for (i = 0; i < xen_9pdev->num_rings; i++) {
         if (xen_9pdev->rings[i].data != NULL) {
             xen_be_unmap_grant_refs(&xen_9pdev->xendev,
                                     xen_9pdev->rings[i].data,
                                     (1 << xen_9pdev->rings[i].ring_order));
+            xen_9pdev->rings[i].data = NULL;
         }
         if (xen_9pdev->rings[i].intf != NULL) {
             xen_be_unmap_grant_refs(&xen_9pdev->xendev,
                                     xen_9pdev->rings[i].intf,
                                     1);
+            xen_9pdev->rings[i].intf = NULL;
         }
         if (xen_9pdev->rings[i].bh != NULL) {
             qemu_bh_delete(xen_9pdev->rings[i].bh);
+            xen_9pdev->rings[i].bh = NULL;
         }
     }
 
     g_free(xen_9pdev->id);
+    xen_9pdev->id = NULL;
     g_free(xen_9pdev->tag);
+    xen_9pdev->tag = NULL;
     g_free(xen_9pdev->path);
+    xen_9pdev->path = NULL;
     g_free(xen_9pdev->security_model);
+    xen_9pdev->security_model = NULL;
     g_free(xen_9pdev->rings);
+    xen_9pdev->rings = NULL;
+}
+
+static int xen_9pfs_free(struct XenLegacyDevice *xendev)
+{
+    trace_xen_9pfs_free(xendev->name);
+
     return 0;
 }
 
@@ -387,6 +392,8 @@ static int xen_9pfs_connect(struct XenLegacyDevice *xendev)
     V9fsState *s = &xen_9pdev->state;
     QemuOpts *fsdev;
 
+    trace_xen_9pfs_connect(xendev->name);
+
     if (xenstore_read_fe_int(&xen_9pdev->xendev, "num-rings",
                              &xen_9pdev->num_rings) == -1 ||
         xen_9pdev->num_rings > MAX_RINGS || xen_9pdev->num_rings < 1) {
@@ -494,6 +501,8 @@ out:
 
 static void xen_9pfs_alloc(struct XenLegacyDevice *xendev)
 {
+    trace_xen_9pfs_alloc(xendev->name);
+
     xenstore_write_be_str(xendev, "versions", VERSIONS);
     xenstore_write_be_int(xendev, "max-rings", MAX_RINGS);
     xenstore_write_be_int(xendev, "max-ring-page-order", MAX_RING_ORDER);
-- 
2.39.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v7.2.3 18/30] target/riscv: Fix itrigger when icount is used, (continued)
- [PATCH v7.2.3 18/30] target/riscv: Fix itrigger when icount is used, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 22/30] tcg: ppc64: Fix mask generation for vextractdm, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 20/30] ui: Fix pixel colour channel order for PNG screenshots, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 24/30] virtio: fix reachable assertion due to stale value of cached region size, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 15/30] softfloat: Fix the incorrect computation in float32_exp2, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 21/30] async: Suppress GCC13 false positive in aio_bh_poll(), Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 23/30] hw/virtio/vhost-user: avoid using unitialized errp, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 26/30] target/s390x: Fix EXECUTE of relative branches, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 25/30] block/monitor: Fix crash when executing HMP commit, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 29/30] Revert "vhost-user: Monitor slave channel in vhost_user_read()", Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 27/30] 9pfs/xen: Fix segfault on shutdown, Michael Tokarev <=
- [PATCH v7.2.3 28/30] xen/pt: reserve PCI slot 2 for Intel igd-passthru, Michael Tokarev, 2023/05/17
- [PATCH v7.2.3 30/30] Revert "vhost-user: Introduce nested event loop in vhost_user_read()", Michael Tokarev, 2023/05/17

Prev by Date: [PATCH v7.2.3 29/30] Revert "vhost-user: Monitor slave channel in vhost_user_read()"
Next by Date: [PATCH v7.2.3 28/30] xen/pt: reserve PCI slot 2 for Intel igd-passthru
Previous by thread: [PATCH v7.2.3 29/30] Revert "vhost-user: Monitor slave channel in vhost_user_read()"
Next by thread: [PATCH v7.2.3 28/30] xen/pt: reserve PCI slot 2 for Intel igd-passthru
Index(es):
- Date
- Thread