回复: Re: [RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers

[雷翔]

As I found it introduced from  commit: 7d37d351dffee60fc7048bbfd8573421f15eb724

From the code you look at, g_free should belongs to the lable  config_assign_error.  this code patch has been revert, latest code lable is 'assign_error'  
and we tested, it's also happend in 6.2.0. but in 7.1.0 or 7.2.0, new assert crash happend before it goes into virtio_pci_set_guest_notifiers. we can't reproduce the problem before fix the new crash problem.

crash info:
>2022-12-23T02:48:32Z qemu-system-aarch64: virtio-scsi: Failed to set guest notifiers (-11), ensure -accel kvm is set.
>2022-12-23T02:48:32Z qemu-system-aarch64: virtio_bus_start_ioeventfd: failed. Fallback to userspace (slower).
>qemu-system-aarch64: ../hw/scsi/virtio-scsi.c:832: virtio_scsi_reset: Assertion `!s->dataplane_started' failed.
>2022-12-23 02:48:53.235+0000: shutting down, reason=crashed



----

 

主　题：Re: [RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
日　期：2022-12-20 22:42
发件人：Michael S. Tsirkin
收件人：雷翔;

On Wed, Nov 30, 2022 at 01:56:11PM +0800, leixiang wrote:
> proxy->vector_irqfd did not free when set guest notifier failed.

Can you pls add a Fixes tag so people know where to backport this?

> Signed-off-by: Lei Xiang
> Tested-by: Zeng Chi
> Suggested-by: Xie Ming

Looking at the code I see this:

/* Must set vector notifier after guest notifier has been assigned */
if ((with_irqfd ||
(vdev->use_guest_notifier_mask && k->guest_notifier_mask)) &&
assign) {
if (with_irqfd) {
proxy->vector_irqfd =
g_malloc0(sizeof(*proxy->vector_irqfd) *
msix_nr_vectors_allocated(&proxy->pci_dev));
r = kvm_virtio_pci_vector_vq_use(proxy, nvqs);
if (r goto config_assign_error;
}
r = kvm_virtio_pci_vector_config_use(proxy);
if (r goto config_error;
}
}

r = msix_set_vector_notifiers(&proxy->pci_dev, virtio_pci_vector_unmask,
virtio_pci_vector_mask,
virtio_pci_vector_poll);
if (r goto notifiers_error;
}
}


doesn't this mean g_free belongs at the label config_assign_error?


> ---
> hw/virtio/virtio-pci.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index c6b47a9c..4862f83b 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1038,6 +1038,12 @@ assign_error:
> while (--n >= 0) {
> virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
> }
> +
> + g_free(proxy->vector_irqfd);
> + proxy->vector_irqfd = NULL;
> +
> return r;
> }
>
> --
>
>
> No virus found
> Checked by Hillstone Network AntiVirus


The patch is corrupted. Line counts are wrong, and your antivirus added
trash at the end.

--
MST