On Wed, May 29, 2024 at 9:54 PM Fiona Ebner <f.eb...@proxmox.com> wrote:
>
> Hi,
>
> On 22.05.24 at 07:10, Cindy Lu wrote:
> > The crash was reported in MAC OS and NixOS, here is the link for this bug
> > https://gitlab.com/qemu-project/qemu/-/issues/2334
> > https://gitlab.com/qemu-project/qemu/-/issues/2321
> >
> > The root cause is that the function virtio_pci_set_guest_notifiers() only
> > initializes the irqfd when the use_guest_notifier_mask and
> > guest_notifier_mask are set.
>
> Sorry, I'm just trying to understand the fix and I'm probably missing
> something, but in virtio_pci_set_guest_notifiers() there is:
>
> >     bool with_irqfd = msix_enabled(&proxy->pci_dev) &&
> >         kvm_msi_via_irqfd_enabled();
>
> and then:
>
> >     if ((with_irqfd ||
> >          (vdev->use_guest_notifier_mask && k->guest_notifier_mask)) &&
> >         assign) {
> >         if (with_irqfd) {
> >             proxy->vector_irqfd =
> >                 g_malloc0(sizeof(*proxy->vector_irqfd) *
> >                           msix_nr_vectors_allocated(&proxy->pci_dev));
> >             r = kvm_virtio_pci_vector_vq_use(proxy, nvqs);
>
> Meaning proxy->vector_irqfd is allocated when with_irqfd is true (even
> if vdev->use_guest_notifier_mask && k->guest_notifier_mask is false).
>
> > However, this check is missing in virtio_pci_set_vector().
> > So the fix is to add this check.
> >
> > This fix is verified on vyatta, MacOS, NixOS and fedora systems.
> >
> > The bt tree for this bug is:
> > Thread 6 "CPU 0/KVM" received signal SIGSEGV, Segmentation fault.
> > [Switching to Thread 0x7c817be006c0 (LWP 1269146)]
> > kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
> > 817       if (irqfd->users == 0) {
>
> The crash happens because the irqfd is NULL/invalid here, right?
>
> proxy->vector_irqfd = NULL happens when virtio_pci_set_guest_notifiers()
> is called with assign=false or for an unsuccessful call to
> virtio_pci_set_guest_notifiers() with assign=true.
>
> AFAIU, the issue is that virtio_pci_set_vector() is called between a
> call to virtio_pci_set_guest_notifiers() with assign=false and a
> successful virtio_pci_set_guest_notifiers() with assign=true (or before
> the first such call).
>
> So I'm trying to understand why adding the check for
> vdev->use_guest_notifier_mask && k->guest_notifier_mask is sufficient to
> fix the issue. Thanks!
>
> Best Regards,
> Fiona
>
Thanks, Fiona. You are correct. I have rechecked the call trace, and
it seems that the virtio_pci_set_guest_notifiers was not called at all
for this device. I mistook the calling for another device with the
calling for this one.
I will send a new version.
Thanks
Cindy
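As an added illustration of the ordering problem Fiona describes (a constructed C model, not QEMU code and not the patch under discussion): the irqfd array only exists between a successful assign=true and the next assign=false, so a set_vector() that keys on anything other than the array's existence can dereference NULL. The names ProxyModel, set_guest_notifiers, vq_vector_use, vq_vector_release and set_vector are hypothetical stand-ins for the functions named in the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of the virtio-pci state discussed above; not QEMU code. */
#define VIRTIO_NO_VECTOR 0xffff

typedef struct { int users; } VirtIOIRQFD;

typedef struct {
    VirtIOIRQFD *vector_irqfd;  /* NULL unless guest notifiers are assigned */
    uint16_t nvectors;
} ProxyModel;

/* Mirrors virtio_pci_set_guest_notifiers(): the array exists only between
 * a successful assign=true and the next assign=false (or a failed assign). */
static int set_guest_notifiers(ProxyModel *p, bool assign)
{
    if (assign) {
        p->vector_irqfd = calloc(p->nvectors, sizeof(*p->vector_irqfd));
        return p->vector_irqfd ? 0 : -1;
    }
    free(p->vector_irqfd);
    p->vector_irqfd = NULL;
    return 0;
}

/* The dereference at the backtrace line: unsafe while vector_irqfd is NULL. */
static void vq_vector_use(ProxyModel *p, uint16_t vector)
{
    p->vector_irqfd[vector].users++;
}

static void vq_vector_release(ProxyModel *p, uint16_t vector)
{
    if (p->vector_irqfd[vector].users > 0) p->vector_irqfd[vector].users--;
}

/* Guarded model of virtio_pci_set_vector(): irqfd bookkeeping runs only
 * when the array currently exists. Returns 1 if it ran, 0 if skipped
 * (the call ordering from the bug report, which crashes unguarded). */
static int set_vector(ProxyModel *p, uint16_t old_vector, uint16_t new_vector)
{
    if (p->vector_irqfd == NULL) return 0;
    if (old_vector != VIRTIO_NO_VECTOR && old_vector < p->nvectors)
        vq_vector_release(p, old_vector);
    if (new_vector != VIRTIO_NO_VECTOR && new_vector < p->nvectors)
        vq_vector_use(p, new_vector);
    return 1;
}
```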