Patchwork tap: clear vhost_net backend on cleanup

login
register
mail settings
Submitter Michael S. Tsirkin
Date Oct. 27, 2010, 6:03 p.m.
Message ID <20101027180343.GA27426@redhat.com>
Download mbox | patch
Permalink /patch/69376/
State New
Headers show

Comments

Michael S. Tsirkin - Oct. 27, 2010, 6:03 p.m.
Frontends calling tap_get_vhost_net get an invalid pointer after the
peer backend has been deleted. Jason Wang <jasowang@redhat.com> reports
this leading to a crash in ack_features when we remove the vhost-net
bakend of a virtio nic.

The fix is simply to clear the backend pointer.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---

Jason, could you please confirm whether this patch
will fix the issue you have observed?

Thanks,

 net/tap.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Jason Wang - Oct. 28, 2010, 7:40 a.m.
Michael S. Tsirkin writes:
 > Frontends calling tap_get_vhost_net get an invalid pointer after the
 > peer backend has been deleted. Jason Wang <jasowang@redhat.com> reports
 > this leading to a crash in ack_features when we remove the vhost-net
 > bakend of a virtio nic.
 > 
 > The fix is simply to clear the backend pointer.
 > 
 > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 > ---
 > 
 > Jason, could you please confirm whether this patch
 > will fix the issue you have observed?
 > 
 > Thanks,
 > 

Yes it does, and how about also add assign fd to -1 in tap_cleanup()
and then check it in virtio_net_set_features() otherwise we could get
warning of the failure of offload setting?

 >  net/tap.c |    1 +
 >  1 files changed, 1 insertions(+), 0 deletions(-)
 > 
 > diff --git a/net/tap.c b/net/tap.c
 > index 0147dab..4cfa538 100644
 > --- a/net/tap.c
 > +++ b/net/tap.c
 > @@ -258,6 +258,7 @@ static void tap_cleanup(VLANClientState *nc)
 >  
 >      if (s->vhost_net) {
 >          vhost_net_cleanup(s->vhost_net);
 > +        s->vhost_net = NULL;
 >      }
 >  
 >      qemu_purge_queued_packets(nc);
 > -- 
 > 1.7.3.2.91.g446ac

Patch

diff --git a/net/tap.c b/net/tap.c
index 0147dab..4cfa538 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -258,6 +258,7 @@  static void tap_cleanup(VLANClientState *nc)
 
     if (s->vhost_net) {
         vhost_net_cleanup(s->vhost_net);
+        s->vhost_net = NULL;
     }
 
     qemu_purge_queued_packets(nc);