mirror of
https://github.com/qemu/qemu.git
synced 2024-11-27 22:03:35 +08:00
41d4e5ec9f
"nc" is freed after hotplug vhost-user, but the watcher is not removed. The QEMU crash when the watcher access the "nc" when socket disconnects. Program received signal SIGSEGV, Segmentation fault. #0 object_get_class (obj=obj@entry=0x2) at qom/object.c:750 #1 0x00007f9bb4180da1 in qemu_chr_fe_disconnect (be=<optimized out>) at chardev/char-fe.c:372 #2 0x00007f9bb40d1100 in net_vhost_user_watch (chan=<optimized out>, cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:188 #3 0x00007f9baf97f99a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #4 0x00007f9bb41d7ebc in glib_pollfds_poll () at util/main-loop.c:213 #5 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261 #6 main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:515 #7 0x00007f9bb3e266a7 in main_loop () at vl.c:1917 #8 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4786 Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
397 lines
11 KiB
C
397 lines
11 KiB
C
/*
|
|
* vhost-user.c
|
|
*
|
|
* Copyright (c) 2013 Virtual Open Systems Sarl.
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
* See the COPYING file in the top-level directory.
|
|
*
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include "clients.h"
|
|
#include "net/vhost_net.h"
|
|
#include "net/vhost-user.h"
|
|
#include "chardev/char-fe.h"
|
|
#include "qemu/config-file.h"
|
|
#include "qemu/error-report.h"
|
|
#include "qmp-commands.h"
|
|
#include "trace.h"
|
|
|
|
typedef struct VhostUserState {
|
|
NetClientState nc;
|
|
CharBackend chr; /* only queue index 0 */
|
|
VHostNetState *vhost_net;
|
|
guint watch;
|
|
uint64_t acked_features;
|
|
bool started;
|
|
} VhostUserState;
|
|
|
|
VHostNetState *vhost_user_get_vhost_net(NetClientState *nc)
|
|
{
|
|
VhostUserState *s = DO_UPCAST(VhostUserState, nc, nc);
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
return s->vhost_net;
|
|
}
|
|
|
|
uint64_t vhost_user_get_acked_features(NetClientState *nc)
|
|
{
|
|
VhostUserState *s = DO_UPCAST(VhostUserState, nc, nc);
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
return s->acked_features;
|
|
}
|
|
|
|
static void vhost_user_stop(int queues, NetClientState *ncs[])
|
|
{
|
|
VhostUserState *s;
|
|
int i;
|
|
|
|
for (i = 0; i < queues; i++) {
|
|
assert(ncs[i]->info->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
|
|
s = DO_UPCAST(VhostUserState, nc, ncs[i]);
|
|
|
|
if (s->vhost_net) {
|
|
/* save acked features */
|
|
uint64_t features = vhost_net_get_acked_features(s->vhost_net);
|
|
if (features) {
|
|
s->acked_features = features;
|
|
}
|
|
vhost_net_cleanup(s->vhost_net);
|
|
}
|
|
}
|
|
}
|
|
|
|
static int vhost_user_start(int queues, NetClientState *ncs[], CharBackend *be)
|
|
{
|
|
VhostNetOptions options;
|
|
struct vhost_net *net = NULL;
|
|
VhostUserState *s;
|
|
int max_queues;
|
|
int i;
|
|
|
|
options.backend_type = VHOST_BACKEND_TYPE_USER;
|
|
|
|
for (i = 0; i < queues; i++) {
|
|
assert(ncs[i]->info->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
|
|
s = DO_UPCAST(VhostUserState, nc, ncs[i]);
|
|
|
|
options.net_backend = ncs[i];
|
|
options.opaque = be;
|
|
options.busyloop_timeout = 0;
|
|
net = vhost_net_init(&options);
|
|
if (!net) {
|
|
error_report("failed to init vhost_net for queue %d", i);
|
|
goto err;
|
|
}
|
|
|
|
if (i == 0) {
|
|
max_queues = vhost_net_get_max_queues(net);
|
|
if (queues > max_queues) {
|
|
error_report("you are asking more queues than supported: %d",
|
|
max_queues);
|
|
goto err;
|
|
}
|
|
}
|
|
|
|
if (s->vhost_net) {
|
|
vhost_net_cleanup(s->vhost_net);
|
|
g_free(s->vhost_net);
|
|
}
|
|
s->vhost_net = net;
|
|
}
|
|
|
|
return 0;
|
|
|
|
err:
|
|
if (net) {
|
|
vhost_net_cleanup(net);
|
|
}
|
|
vhost_user_stop(i, ncs);
|
|
return -1;
|
|
}
|
|
|
|
static ssize_t vhost_user_receive(NetClientState *nc, const uint8_t *buf,
|
|
size_t size)
|
|
{
|
|
/* In case of RARP (message size is 60) notify backup to send a fake RARP.
|
|
This fake RARP will be sent by backend only for guest
|
|
without GUEST_ANNOUNCE capability.
|
|
*/
|
|
if (size == 60) {
|
|
VhostUserState *s = DO_UPCAST(VhostUserState, nc, nc);
|
|
int r;
|
|
static int display_rarp_failure = 1;
|
|
char mac_addr[6];
|
|
|
|
/* extract guest mac address from the RARP message */
|
|
memcpy(mac_addr, &buf[6], 6);
|
|
|
|
r = vhost_net_notify_migration_done(s->vhost_net, mac_addr);
|
|
|
|
if ((r != 0) && (display_rarp_failure)) {
|
|
fprintf(stderr,
|
|
"Vhost user backend fails to broadcast fake RARP\n");
|
|
fflush(stderr);
|
|
display_rarp_failure = 0;
|
|
}
|
|
}
|
|
|
|
return size;
|
|
}
|
|
|
|
static void vhost_user_cleanup(NetClientState *nc)
|
|
{
|
|
VhostUserState *s = DO_UPCAST(VhostUserState, nc, nc);
|
|
|
|
if (s->vhost_net) {
|
|
vhost_net_cleanup(s->vhost_net);
|
|
g_free(s->vhost_net);
|
|
s->vhost_net = NULL;
|
|
}
|
|
if (nc->queue_index == 0) {
|
|
if (s->watch) {
|
|
g_source_remove(s->watch);
|
|
s->watch = 0;
|
|
}
|
|
qemu_chr_fe_deinit(&s->chr, true);
|
|
}
|
|
|
|
qemu_purge_queued_packets(nc);
|
|
}
|
|
|
|
static bool vhost_user_has_vnet_hdr(NetClientState *nc)
|
|
{
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
|
|
return true;
|
|
}
|
|
|
|
static bool vhost_user_has_ufo(NetClientState *nc)
|
|
{
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
|
|
return true;
|
|
}
|
|
|
|
static NetClientInfo net_vhost_user_info = {
|
|
.type = NET_CLIENT_DRIVER_VHOST_USER,
|
|
.size = sizeof(VhostUserState),
|
|
.receive = vhost_user_receive,
|
|
.cleanup = vhost_user_cleanup,
|
|
.has_vnet_hdr = vhost_user_has_vnet_hdr,
|
|
.has_ufo = vhost_user_has_ufo,
|
|
};
|
|
|
|
static gboolean net_vhost_user_watch(GIOChannel *chan, GIOCondition cond,
|
|
void *opaque)
|
|
{
|
|
VhostUserState *s = opaque;
|
|
|
|
qemu_chr_fe_disconnect(&s->chr);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
static void net_vhost_user_event(void *opaque, int event);
|
|
|
|
static void chr_closed_bh(void *opaque)
|
|
{
|
|
const char *name = opaque;
|
|
NetClientState *ncs[MAX_QUEUE_NUM];
|
|
VhostUserState *s;
|
|
Error *err = NULL;
|
|
int queues;
|
|
|
|
queues = qemu_find_net_clients_except(name, ncs,
|
|
NET_CLIENT_DRIVER_NIC,
|
|
MAX_QUEUE_NUM);
|
|
assert(queues < MAX_QUEUE_NUM);
|
|
|
|
s = DO_UPCAST(VhostUserState, nc, ncs[0]);
|
|
|
|
qmp_set_link(name, false, &err);
|
|
vhost_user_stop(queues, ncs);
|
|
|
|
qemu_chr_fe_set_handlers(&s->chr, NULL, NULL, net_vhost_user_event,
|
|
NULL, opaque, NULL, true);
|
|
|
|
if (err) {
|
|
error_report_err(err);
|
|
}
|
|
}
|
|
|
|
static void net_vhost_user_event(void *opaque, int event)
|
|
{
|
|
const char *name = opaque;
|
|
NetClientState *ncs[MAX_QUEUE_NUM];
|
|
VhostUserState *s;
|
|
Chardev *chr;
|
|
Error *err = NULL;
|
|
int queues;
|
|
|
|
queues = qemu_find_net_clients_except(name, ncs,
|
|
NET_CLIENT_DRIVER_NIC,
|
|
MAX_QUEUE_NUM);
|
|
assert(queues < MAX_QUEUE_NUM);
|
|
|
|
s = DO_UPCAST(VhostUserState, nc, ncs[0]);
|
|
chr = qemu_chr_fe_get_driver(&s->chr);
|
|
trace_vhost_user_event(chr->label, event);
|
|
switch (event) {
|
|
case CHR_EVENT_OPENED:
|
|
if (vhost_user_start(queues, ncs, &s->chr) < 0) {
|
|
qemu_chr_fe_disconnect(&s->chr);
|
|
return;
|
|
}
|
|
s->watch = qemu_chr_fe_add_watch(&s->chr, G_IO_HUP,
|
|
net_vhost_user_watch, s);
|
|
qmp_set_link(name, true, &err);
|
|
s->started = true;
|
|
break;
|
|
case CHR_EVENT_CLOSED:
|
|
/* a close event may happen during a read/write, but vhost
|
|
* code assumes the vhost_dev remains setup, so delay the
|
|
* stop & clear to idle.
|
|
* FIXME: better handle failure in vhost code, remove bh
|
|
*/
|
|
if (s->watch) {
|
|
AioContext *ctx = qemu_get_current_aio_context();
|
|
|
|
g_source_remove(s->watch);
|
|
s->watch = 0;
|
|
qemu_chr_fe_set_handlers(&s->chr, NULL, NULL, NULL, NULL,
|
|
NULL, NULL, false);
|
|
|
|
aio_bh_schedule_oneshot(ctx, chr_closed_bh, opaque);
|
|
}
|
|
break;
|
|
}
|
|
|
|
if (err) {
|
|
error_report_err(err);
|
|
}
|
|
}
|
|
|
|
static int net_vhost_user_init(NetClientState *peer, const char *device,
|
|
const char *name, Chardev *chr,
|
|
int queues)
|
|
{
|
|
Error *err = NULL;
|
|
NetClientState *nc, *nc0 = NULL;
|
|
VhostUserState *s;
|
|
int i;
|
|
|
|
assert(name);
|
|
assert(queues > 0);
|
|
|
|
for (i = 0; i < queues; i++) {
|
|
nc = qemu_new_net_client(&net_vhost_user_info, peer, device, name);
|
|
snprintf(nc->info_str, sizeof(nc->info_str), "vhost-user%d to %s",
|
|
i, chr->label);
|
|
nc->queue_index = i;
|
|
if (!nc0) {
|
|
nc0 = nc;
|
|
s = DO_UPCAST(VhostUserState, nc, nc);
|
|
if (!qemu_chr_fe_init(&s->chr, chr, &err)) {
|
|
error_report_err(err);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
s = DO_UPCAST(VhostUserState, nc, nc0);
|
|
do {
|
|
if (qemu_chr_fe_wait_connected(&s->chr, &err) < 0) {
|
|
error_report_err(err);
|
|
return -1;
|
|
}
|
|
qemu_chr_fe_set_handlers(&s->chr, NULL, NULL,
|
|
net_vhost_user_event, NULL, nc0->name, NULL,
|
|
true);
|
|
} while (!s->started);
|
|
|
|
assert(s->vhost_net);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static Chardev *net_vhost_claim_chardev(
|
|
const NetdevVhostUserOptions *opts, Error **errp)
|
|
{
|
|
Chardev *chr = qemu_chr_find(opts->chardev);
|
|
|
|
if (chr == NULL) {
|
|
error_setg(errp, "chardev \"%s\" not found", opts->chardev);
|
|
return NULL;
|
|
}
|
|
|
|
if (!qemu_chr_has_feature(chr, QEMU_CHAR_FEATURE_RECONNECTABLE)) {
|
|
error_setg(errp, "chardev \"%s\" is not reconnectable",
|
|
opts->chardev);
|
|
return NULL;
|
|
}
|
|
if (!qemu_chr_has_feature(chr, QEMU_CHAR_FEATURE_FD_PASS)) {
|
|
error_setg(errp, "chardev \"%s\" does not support FD passing",
|
|
opts->chardev);
|
|
return NULL;
|
|
}
|
|
|
|
return chr;
|
|
}
|
|
|
|
static int net_vhost_check_net(void *opaque, QemuOpts *opts, Error **errp)
|
|
{
|
|
const char *name = opaque;
|
|
const char *driver, *netdev;
|
|
|
|
driver = qemu_opt_get(opts, "driver");
|
|
netdev = qemu_opt_get(opts, "netdev");
|
|
|
|
if (!driver || !netdev) {
|
|
return 0;
|
|
}
|
|
|
|
if (strcmp(netdev, name) == 0 &&
|
|
!g_str_has_prefix(driver, "virtio-net-")) {
|
|
error_setg(errp, "vhost-user requires frontend driver virtio-net-*");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int net_init_vhost_user(const Netdev *netdev, const char *name,
|
|
NetClientState *peer, Error **errp)
|
|
{
|
|
int queues;
|
|
const NetdevVhostUserOptions *vhost_user_opts;
|
|
Chardev *chr;
|
|
|
|
assert(netdev->type == NET_CLIENT_DRIVER_VHOST_USER);
|
|
vhost_user_opts = &netdev->u.vhost_user;
|
|
|
|
chr = net_vhost_claim_chardev(vhost_user_opts, errp);
|
|
if (!chr) {
|
|
return -1;
|
|
}
|
|
|
|
/* verify net frontend */
|
|
if (qemu_opts_foreach(qemu_find_opts("device"), net_vhost_check_net,
|
|
(char *)name, errp)) {
|
|
return -1;
|
|
}
|
|
|
|
queues = vhost_user_opts->has_queues ? vhost_user_opts->queues : 1;
|
|
if (queues < 1 || queues > MAX_QUEUE_NUM) {
|
|
error_setg(errp,
|
|
"vhost-user number of queues must be in range [1, %d]",
|
|
MAX_QUEUE_NUM);
|
|
return -1;
|
|
}
|
|
|
|
return net_vhost_user_init(peer, "vhost_user", name, chr, queues);
|
|
}
|