Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH v2] virtio-blk: drain block before cleanup
Date: Wed, 14 Jun 2017 10:20:44 +0100
User-agent: Mutt/1.8.0 (2017-02-23)
On Tue, Jun 13, 2017 at 12:35:21PM +0200, Gioh Kim wrote:
> I'd like to report one use-after-free problem which is found by
> AddressSanitizer.
> My company provides virtualization server with Qemu-2.7.
I have tried the following but was unable to reproduce a segfault.
Please reproduce this issue with qemu.git/master and post the steps:
$ qemu -M accel=kvm -cpu host -m 1G \
    -drive if=none,id=drive0,file=test.img,format=raw \
    -device virtio-blk-pci,drive=drive0,id=virtio-blk-pci0 \
    -drive if=none,id=drive1,file.driver=null-co,file.read-zeroes=on,file.latency-ns=5000000000,format=raw \
    -device virtio-blk-pci,drive=drive1,id=virtio-blk-pci1 \
    -d trace:virtio_blk_\*
First I just wanted to see what happens when system_reset is invoked
while a request is in flight:
guest$ dd if=/dev/vdb of=/dev/null iflag=direct bs=512 count=1
(qemu) system_reset
address@hidden:virtio_blk_handle_read vdev 0x62d00006c910 req 0x611000b07880 sector 0 nsectors 1
> virtio_pci_reset vdev 0x62d00006c910
address@hidden:virtio_blk_data_plane_stop dataplane 0x606000096c80
address@hidden:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611000b07880 ret 0
address@hidden:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611000b07880 status 0
> virtio_blk_reset vdev 0x62d00006c910
Requests are drained in virtio_blk_data_plane_stop() and again in
virtio_blk_reset() so in-flight requests will exist across system_reset.
Next I tried what you suggested:
guest$ dd if=/dev/vdb of=/dev/null iflag=direct bs=512 count=1
(qemu) device_del virtio-blk-pci1
(qemu) system_reset
address@hidden:virtio_blk_handle_read vdev 0x62d00006c910 req 0x611001464040 sector 0 nsectors 1
address@hidden:virtio_blk_data_plane_stop dataplane 0x606000096c80
address@hidden:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611001464040 ret 0
address@hidden:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611001464040 status 0
The request was also drained by virtio_blk_data_plane_stop().
(I added the vdev parameter to the trace events to make it easy to
identify the virtio-blk device that a request belongs to. I will send a
patch to qemu-devel.)
Stefan
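As an added illustration (not part of Stefan's message or of the QEMU tree), here is a small Python checker that does mechanically what the message does by eye: it replays `-d trace:virtio_blk_*` output, follows each request from `virtio_blk_handle_read`/`virtio_blk_handle_write` to `virtio_blk_req_complete` per vdev, and reports any request that is still in flight when the device-level `virtio_blk_reset` fires for that vdev, which in the traces above comes after the drain in `virtio_blk_data_plane_stop()`. The `pid@timestamp:` line prefix is what QEMU's log trace backend prints (the archive replaced it with `address@hidden`); the sample traces below are constructed, with the pointer values borrowed from the message and the second device's pointers invented, and the argument layout follows the vdev-augmented events shown in the message.

```python
"""Replay QEMU `-d trace:virtio_blk_*` output and flag requests that were
still in flight when the virtio-blk device they belong to was reset.

Added example, not QEMU code. Assumes the vdev-augmented trace events shown
in Stefan's message and the `pid@timestamp:` prefix of QEMU's log backend.
"""
import re
from collections import defaultdict

# Events that start a request, finish one, or reset the device it belongs to.
# Flush and SCSI requests have no submit-side trace event, so only read and
# write requests can be tracked this way.  virtio_pci_reset marks the start of
# the reset path (before the drain), so in-flight requests there are expected;
# the check is made at the device-level reset, which follows the drain.
SUBMIT_EVENTS = {"virtio_blk_handle_read", "virtio_blk_handle_write"}
COMPLETE_EVENTS = {"virtio_blk_req_complete"}
RESET_EVENTS = {"virtio_blk_reset"}

# Optional "> " annotation, optional "pid@ts:" prefix, then event name + args.
LINE_RE = re.compile(r"^(?:>\s*)?(?:\S+@\S+:)?(?P<event>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r"(\w+) (0x[0-9a-fA-F]+|-?\d+)")

# Constructed sample mirroring the first experiment in the message: the only
# request completes before virtio_blk_reset, so nothing is in flight at reset.
TRACE_DRAINED = """\
29014@1497432044.100000:virtio_blk_handle_read vdev 0x62d00006c910 req 0x611000b07880 sector 0 nsectors 1
> virtio_pci_reset vdev 0x62d00006c910
29014@1497432044.200000:virtio_blk_data_plane_stop dataplane 0x606000096c80
29014@1497432044.300000:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611000b07880 ret 0
29014@1497432044.300100:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611000b07880 status 0
> virtio_blk_reset vdev 0x62d00006c910
"""

# Constructed sample of the failure case: a second request on the same vdev
# completes only after virtio_blk_reset.  A third request on a different
# (invented) vdev stays in flight but that device is never reset.
TRACE_RACE = """\
29014@1497432044.100000:virtio_blk_handle_read vdev 0x62d00006c910 req 0x611000b07880 sector 0 nsectors 1
29014@1497432044.100100:virtio_blk_handle_write vdev 0x62d00006c910 req 0x611000b07900 sector 8 nsectors 8
29014@1497432044.100200:virtio_blk_handle_read vdev 0x62d000070000 req 0x611000c00000 sector 0 nsectors 1
29014@1497432044.200000:virtio_blk_data_plane_stop dataplane 0x606000096c80
29014@1497432044.300000:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611000b07880 ret 0
29014@1497432044.300100:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611000b07880 status 0
> virtio_blk_reset vdev 0x62d00006c910
29014@1497432044.500000:virtio_blk_rw_complete vdev 0x62d00006c910 req 0x611000b07900 ret 0
29014@1497432044.500100:virtio_blk_req_complete vdev 0x62d00006c910 req 0x611000b07900 status 0
"""


def _to_int(text):
    # Pointers are hex, counters and status codes are decimal.
    return int(text, 16) if text.startswith("0x") else int(text)


def parse_line(line):
    """Return (event, {arg: int}) for a virtio trace line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or not m.group("event").startswith("virtio_"):
        return None
    args = {k: _to_int(v) for k, v in ARG_RE.findall(m.group("args"))}
    return m.group("event"), args


def in_flight_at_reset(trace_text, reset_events=frozenset(RESET_EVENTS)):
    """Replay the trace and return {vdev: [req, ...]} listing every request
    that was submitted but not yet completed when a reset hit its vdev."""
    in_flight = defaultdict(set)   # vdev -> set of req pointers
    flagged = defaultdict(list)
    for line in trace_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        event, args = parsed
        vdev = args.get("vdev")
        if event in SUBMIT_EVENTS:
            in_flight[vdev].add(args["req"])
        elif event in COMPLETE_EVENTS:
            in_flight[vdev].discard(args["req"])
        elif event in reset_events and in_flight[vdev]:
            flagged[vdev].extend(sorted(in_flight[vdev]))
    return dict(flagged)


if __name__ == "__main__":
    for name, trace in (("drained", TRACE_DRAINED), ("race", TRACE_RACE)):
        hits = in_flight_at_reset(trace)
        for vdev, reqs in hits.items():
            print(f"{name}: vdev {vdev:#x} reset with {len(reqs)} request(s) "
                  f"in flight: {', '.join(f'{r:#x}' for r in reqs)}")
        if not hits:
            print(f"{name}: all requests drained before reset")
```

Feed it real output with `qemu ... -d trace:virtio_blk_\* 2>trace.log` and `in_flight_at_reset(open("trace.log").read())`; an empty result is the expected state after `system_reset` or `device_del`, and any listed request is one whose completion callback would run against a device that has already been reset.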