On Wed, Aug 20, 2025 at 12:13 AM David Woodhouse <dw...@infradead.org> wrote:
>
> On Mon, 2025-03-10 at 20:22 +0800, Jason Wang wrote:
> > From: Eugenio Pérez <epere...@redhat.com>
> >
> > Commit a0d7215e33 ("vhost-vdpa: do not cleanup the vdpa/vhost-net
> > structures if peer nic is present") effectively delayed the backend
> > cleanup, allowing the frontend or the guest to access its resources as
> > long as the frontend is still visible to the guest.
> >
> > However it does not clean up the resources until the qemu process is
> > over. This causes an effective leak if the device is deleted with
> > device_del, as there is no way to close the vdpa device. This makes it
> > impossible to re-add that device to this or other QEMU instances until
> > the first instance of QEMU is finished.
> >
> > Move the cleanup from qemu_cleanup to the NIC deletion and to
> > net_cleanup.
> >
> > Fixes: a0d7215e33 ("vhost-vdpa: do not cleanup the vdpa/vhost-net
> > structures if peer nic is present")
> > Reported-by: Lei Yang <leiy...@redhat.com>
> > Signed-off-by: Eugenio Pérez <epere...@redhat.com>
> > Signed-off-by: Jonah Palmer <jonah.pal...@oracle.com>
> > Signed-off-by: Jason Wang <jasow...@redhat.com>
>
> This crashes QEMU when I launch an emulated Xen guest with a Xen PV
> NIC, and quit (using Ctrl-A x on the monitor).
Eugenio and Jonah, any thoughts on this? It looks like the code doesn't deal with hub correctly.

Thanks

> $ gdb --args ./qemu-system-x86_64 --accel kvm,xen-version=0x40011,kernel-irqchip=split -serial mon:stdio -display none -m 1G -kernel /boot/vmlinuz-6.13.8-200.fc41.x86_64 -append "console=ttyS0"
> (gdb) handle SIGUSR1 pass nostop noprint
> (gdb) run
> [ 0.000000] Linux version 6.13.8-200.fc41.x86_64 (mockbuild@cdcecfee8b71420eb7f55566b7811804) (gcc (GCC) 14.2.1 20250110 (Red Hat 14.2.1-7), GNU ld version 2.43.1-5.fc41) #1 SMP PREEMPT_DYNAMIC Sun Mar 23 05:03:09 UTC 2025
> [ 0.000000] Command line: console=ttyS0
> [ 0.000000] BIOS-provided physical RAM map:
> [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
> [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
> [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
> [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003ffdffff] usable
> [ 0.000000] BIOS-e820: [mem 0x000000003ffe0000-0x000000003fffffff] reserved
> [ 0.000000] BIOS-e820: [mem 0x00000000feff8000-0x00000000feffffff] reserved
> [ 0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
> [ 0.000000] NX (Execute Disable) protection: active
> [ 0.000000] APIC: Static calls initialized
> [ 0.000000] SMBIOS 2.8 present.
> [ 0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
> [ 0.000000] DMI: Memory slots populated: 1/1
> [ 0.000000] Hypervisor detected: Xen HVM
> …
> <Ctrl-A x>
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x000055555584821c in net_hub_port_cleanup (nc=0x555557ce23d0) at ../net/hub.c:132
> 132         QLIST_REMOVE(port, next);
> (gdb) bt
> #0  0x000055555584821c in net_hub_port_cleanup (nc=0x555557ce23d0) at ../net/hub.c:132
> #1  0x000055555584a8c9 in qemu_cleanup_net_client (nc=<optimized out>, remove_from_net_clients=false) at ../net/net.c:392
> #2  qemu_del_nic (nic=0x555558866400) at ../net/net.c:476
> #3  0x00005555557cae41 in xen_device_unrealize (dev=<optimized out>) at ../hw/xen/xen-bus.c:988
> #4  0x0000555555c414ff in notifier_list_notify (list=list@entry=0x5555570671f0 <exit_notifiers>, data=data@entry=0x0) at ../util/notify.c:39
> #5  0x00005555557efd2c in qemu_run_exit_notifiers () at ../system/runstate.c:854
> #6  0x00007ffff52996c1 in __run_exit_handlers () at /lib64/libc.so.6
> #7  0x00007ffff529978e in exit () at /lib64/libc.so.6
> #8  0x0000555555b90a5c in qemu_default_main (opaque=opaque@entry=0x0) at ../system/main.c:52
> #9  0x00005555555622d0 in main (argc=<optimized out>, argv=<optimized out>) at ../system/main.c:76
>
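As an added illustration (not QEMU's own code, and not a diagnosis of the crash reported in this thread): the list below follows the style of the BSD/QEMU QLIST macros the backtrace lands in, and shows one way to keep a hub port's teardown safe when two cleanup paths, device deletion at runtime and the exit-notifier path at shutdown, may both reach the same port. The hub, port and function names, and the three-port scenario, are constructed for the example.

```c
/* Added illustration, not QEMU's code: an intrusive doubly linked list in
 * the style of the QLIST macros, plus a guarded removal that is safe to run
 * from more than one cleanup path. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct port {
    const char *name;
    struct port *next;
    struct port **prev;   /* address of the pointer that points at us; NULL when unlinked */
};

struct hub {
    struct port *ports;   /* list head */
    int nports;
};

static void hub_insert(struct hub *h, struct port *p)
{
    p->next = h->ports;
    if (h->ports) {
        h->ports->prev = &p->next;
    }
    h->ports = p;
    p->prev = &h->ports;
    h->nports++;
}

/* Same idea as a "is this entry inserted" check: an unlinked entry has prev == NULL. */
static bool port_is_linked(const struct port *p)
{
    return p->prev != NULL;
}

/* Unlink p and clear its links. Returns false and does nothing if p is
 * already unlinked; without that guard a second removal would write through
 * the NULL prev pointer and fault, which is the kind of failure a SIGSEGV
 * inside a list-remove macro points at. */
static bool hub_remove(struct hub *h, struct port *p)
{
    if (!port_is_linked(p)) {
        return false;
    }
    if (p->next) {
        p->next->prev = p->prev;
    }
    *p->prev = p->next;
    p->next = NULL;
    p->prev = NULL;
    h->nports--;
    return true;
}

/* Walk the live list to check it is still consistent after removals. */
static int hub_walk(const struct hub *h)
{
    int n = 0;
    for (const struct port *p = h->ports; p; p = p->next) {
        n++;
    }
    return n;
}

struct scenario_result {
    int noops;      /* removals skipped because the port was already gone */
    int after_del;  /* ports still linked after the device-deletion path */
    int at_end;     /* ports still linked after the exit-time path */
};

/* Constructed scenario: three ports; "nic1" is deleted at runtime, then the
 * exit path tears down every port it knows about, including nic1 again. */
static struct scenario_result run_scenario(void)
{
    struct hub h = { NULL, 0 };
    struct port ports[3] = {
        { "nic0", NULL, NULL }, { "nic1", NULL, NULL }, { "nic2", NULL, NULL },
    };
    struct scenario_result r = { 0, 0, 0 };

    for (int i = 0; i < 3; i++) {
        hub_insert(&h, &ports[i]);
    }

    /* Path 1: deleting nic1 at runtime cleans up its hub port immediately. */
    hub_remove(&h, &ports[1]);
    r.after_del = hub_walk(&h);

    /* Path 2: the exit path iterates over its own record of ports, not the
     * live list, so removals do not invalidate the iteration. */
    for (int i = 0; i < 3; i++) {
        if (!hub_remove(&h, &ports[i])) {
            r.noops++;
        }
    }
    r.at_end = hub_walk(&h);
    return r;
}

int scenario_noops(void)     { return run_scenario().noops; }
int scenario_after_del(void) { return run_scenario().after_del; }
int scenario_at_end(void)    { return run_scenario().at_end; }

int main(void)
{
    struct scenario_result r = run_scenario();
    printf("skipped removals: %d, live after delete: %d, live at exit: %d\n",
           r.noops, r.after_del, r.at_end);
    return 0;
}
```

The point of the guard is ownership: once a port can be torn down from two places, each removal has to be idempotent, and the second path must not walk a list that the first path may already have modified.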