peripherals: 0.807
user-level: 0.794
risc-v: 0.773
hypervisor: 0.765
TCG: 0.760
KVM: 0.755
vnc: 0.743
mistranslation: 0.735
VMM: 0.731
virtual: 0.730
ppc: 0.728
debug: 0.723
graphic: 0.720
operating system: 0.713
register: 0.706
semantic: 0.705
device: 0.697
i386: 0.694
x86: 0.693
performance: 0.692
permissions: 0.685
files: 0.680
arm: 0.665
assembly: 0.638
boot: 0.636
network: 0.633
alpha: 0.631
architecture: 0.627
PID: 0.620
socket: 0.613
kernel: 0.594

[Qemu-devel] [Bug] virtio-blk: qemu will crash if hotplug virtio-blk device failed

I found that hotplug virtio-blk device will lead to qemu crash.

Re-production steps:

1.       Run VM named vm001

2.       Create a virtio-blk.xml which contains wrong configurations:
<disk device="lun" rawio="yes" type="block">
  <driver cache="none" io="native" name="qemu" type="raw" />
  <source dev="/dev/mapper/11-dm" />
  <target bus="virtio" dev="vdx" />
</disk>

3.       Run command : virsh attach-device vm001 vm001

Libvirt will return err msg:

error: Failed to attach device from blk-scsi.xml

error: internal error: unable to execute QEMU command 'device_add': Please set 
scsi=off for virtio-blk devices in order to use virtio 1.0

it means hotplug virtio-blk device failed.

4.       Suspend or shutdown VM will leads to qemu crash



from gdb:


(gdb) bt
#0  object_get_class (address@hidden) at qom/object.c:750
#1  0x00007f9a72582e01 in virtio_vmstate_change (opaque=0x7f9a73d10960, 
running=0, state=<optimized out>) at 
/mnt/sdb/lzc/code/open/qemu/hw/virtio/virtio.c:2203
#2  0x00007f9a7261ef52 in vm_state_notify (address@hidden, address@hidden) at 
vl.c:1685
#3  0x00007f9a7252603a in do_vm_stop (state=RUN_STATE_PAUSED) at 
/mnt/sdb/lzc/code/open/qemu/cpus.c:941
#4  vm_stop (address@hidden) at /mnt/sdb/lzc/code/open/qemu/cpus.c:1807
#5  0x00007f9a7262eb1b in qmp_stop (address@hidden) at qmp.c:102
#6  0x00007f9a7262c70a in qmp_marshal_stop (args=<optimized out>, 
ret=<optimized out>, errp=0x7ffe63e255d8) at qmp-marshal.c:5854
#7  0x00007f9a72897e79 in do_qmp_dispatch (errp=0x7ffe63e255d0, 
request=0x7f9a76510120, cmds=0x7f9a72ee7980 <qmp_commands>) at 
qapi/qmp-dispatch.c:104
#8  qmp_dispatch (cmds=0x7f9a72ee7980 <qmp_commands>, address@hidden) at 
qapi/qmp-dispatch.c:131
#9  0x00007f9a725288d5 in handle_qmp_command (parser=<optimized out>, 
tokens=<optimized out>) at /mnt/sdb/lzc/code/open/qemu/monitor.c:3852
#10 0x00007f9a7289d514 in json_message_process_token (lexer=0x7f9a73ce4498, 
input=0x7f9a73cc6880, type=JSON_RCURLY, x=36, y=17) at 
qobject/json-streamer.c:105
#11 0x00007f9a728bb69b in json_lexer_feed_char (address@hidden, ch=125 '}', 
address@hidden) at qobject/json-lexer.c:323
#12 0x00007f9a728bb75e in json_lexer_feed (lexer=0x7f9a73ce4498, 
buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:373
#13 0x00007f9a7289d5d9 in json_message_parser_feed (parser=<optimized out>, 
buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:124
#14 0x00007f9a7252722e in monitor_qmp_read (opaque=<optimized out>, 
buf=<optimized out>, size=<optimized out>) at 
/mnt/sdb/lzc/code/open/qemu/monitor.c:3894
#15 0x00007f9a7284ee1b in tcp_chr_read (chan=<optimized out>, cond=<optimized 
out>, opaque=<optimized out>) at chardev/char-socket.c:441
#16 0x00007f9a6e03e99a in g_main_context_dispatch () from 
/usr/lib64/libglib-2.0.so.0
#17 0x00007f9a728a342c in glib_pollfds_poll () at util/main-loop.c:214
#18 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#19 main_loop_wait (address@hidden) at util/main-loop.c:515
#20 0x00007f9a724e7547 in main_loop () at vl.c:1999
#21 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at 
vl.c:4877

Problem happens in virtio_vmstate_change which is called by vm_state_notify,
/*
 * VM run-state change callback for a virtio device.
 *
 * opaque  - the VirtIODevice this handler was registered for.
 * running - non-zero when the VM is running, zero when it is stopped.
 * state   - the new RunState; not read in this function.
 *
 * The handler dereferences the device's parent bus unconditionally, so it
 * must not outlive a device whose bus link is missing. The report on this
 * page describes exactly that case: after a failed hotplug the handler is
 * still registered while the device's parent_bus is NULL.
 */
static void virtio_vmstate_change(void *opaque, int running, RunState state)
{
    VirtIODevice *vdev = opaque;
    /* No NULL check on the result: qbus is passed straight to the class
     * lookup below and dereferenced again for qbus->parent. */
    BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
    /* NOTE(review): frame #0 of the backtrace (object_get_class) is presumably
     * reached through this lookup with qbus == NULL - confirm against
     * virtio.c:2203. */
    VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
    /* True only when the VM is running and the status has DRIVER_OK set. */
    bool backend_run = running && (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK);
    vdev->vm_running = running;

    /* With backend_run set, the device status is re-applied before the bus
     * is notified. */
    if (backend_run) {
        virtio_set_status(vdev, vdev->status);
    }

    /* The bus-level hook is optional; call it only if the class sets one. */
    if (k->vmstate_change) {
        k->vmstate_change(qbus->parent, backend_run);
    }

    /* With backend_run clear, the bus is notified first and the status is
     * re-applied afterwards. */
    if (!backend_run) {
        virtio_set_status(vdev, vdev->status);
    }
}

Vdev's parent_bus is NULL, so qdev_get_parent_bus(DEVICE(vdev)) will crash.
virtio_vmstate_change is added to the list vm_change_state_head in
virtio_blk_device_realize (via virtio_init), but after the virtio-blk hotplug
fails, virtio_vmstate_change is not removed from vm_change_state_head, so the
next VM state change still calls it for the device that failed to attach.


I apply a patch as follews:

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 5884ce3..ea532dc 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2491,6 +2491,7 @@ static void virtio_device_realize(DeviceState *dev, Error 
**errp)
     virtio_bus_device_plugged(vdev, &err);
     if (err != NULL) {
         error_propagate(errp, err);
+        vdc->unrealize(dev, NULL);
         return;
     }
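Review bot: The added `vdc->unrealize(dev, NULL);` in the `err != NULL` branch calls through the class pointer without checking it; if any VirtioDeviceClass leaves the unrealize callback unset (not visible in this hunk), the error path meant to stop a crash would itself jump through a NULL pointer. Guarding it as `if (vdc->unrealize) { vdc->unrealize(dev, NULL); }` keeps the cleanup safe for every device type. Passing NULL as the Error pointer also silently drops any failure from unrealize, so a short comment such as `/* undo vdc->realize() so the VM state-change handler does not outlive the failed device; errors ignored on purpose */` would record the intent. virtio_device_realize starts and ends outside the hunk, so whether vdc->realize always ran before this point cannot be confirmed from here; the quoted copy of the hunk in the reply has the same issue.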

On Tue, Oct 31, 2017 at 05:19:08AM +0000, linzhecheng wrote:
>
I found that hotplug virtio-blk device will lead to qemu crash.
The author posted a patch in a separate email thread.  Please see
"[PATCH] fix: unrealize virtio device if we fail to hotplug it".

>
Re-production steps:
>
>
1.       Run VM named vm001
>
>
2.       Create a virtio-blk.xml which contains wrong configurations:
>
<disk device="lun" rawio="yes" type="block">
>
<driver cache="none" io="native" name="qemu" type="raw" />
>
<source dev="/dev/mapper/11-dm" />
>
<target bus="virtio" dev="vdx" />
>
</disk>
>
>
3.       Run command : virsh attach-device vm001 vm001
>
>
Libvirt will return err msg:
>
>
error: Failed to attach device from blk-scsi.xml
>
>
error: internal error: unable to execute QEMU command 'device_add': Please
>
set scsi=off for virtio-blk devices in order to use virtio 1.0
>
>
it means hotplug virtio-blk device failed.
>
>
4.       Suspend or shutdown VM will leads to qemu crash
>
>
>
>
from gdb:
>
>
>
(gdb) bt
>
#0  object_get_class (address@hidden) at qom/object.c:750
>
#1  0x00007f9a72582e01 in virtio_vmstate_change (opaque=0x7f9a73d10960,
>
running=0, state=<optimized out>) at
>
/mnt/sdb/lzc/code/open/qemu/hw/virtio/virtio.c:2203
>
#2  0x00007f9a7261ef52 in vm_state_notify (address@hidden, address@hidden) at
>
vl.c:1685
>
#3  0x00007f9a7252603a in do_vm_stop (state=RUN_STATE_PAUSED) at
>
/mnt/sdb/lzc/code/open/qemu/cpus.c:941
>
#4  vm_stop (address@hidden) at /mnt/sdb/lzc/code/open/qemu/cpus.c:1807
>
#5  0x00007f9a7262eb1b in qmp_stop (address@hidden) at qmp.c:102
>
#6  0x00007f9a7262c70a in qmp_marshal_stop (args=<optimized out>,
>
ret=<optimized out>, errp=0x7ffe63e255d8) at qmp-marshal.c:5854
>
#7  0x00007f9a72897e79 in do_qmp_dispatch (errp=0x7ffe63e255d0,
>
request=0x7f9a76510120, cmds=0x7f9a72ee7980 <qmp_commands>) at
>
qapi/qmp-dispatch.c:104
>
#8  qmp_dispatch (cmds=0x7f9a72ee7980 <qmp_commands>, address@hidden) at
>
qapi/qmp-dispatch.c:131
>
#9  0x00007f9a725288d5 in handle_qmp_command (parser=<optimized out>,
>
tokens=<optimized out>) at /mnt/sdb/lzc/code/open/qemu/monitor.c:3852
>
#10 0x00007f9a7289d514 in json_message_process_token (lexer=0x7f9a73ce4498,
>
input=0x7f9a73cc6880, type=JSON_RCURLY, x=36, y=17) at
>
qobject/json-streamer.c:105
>
#11 0x00007f9a728bb69b in json_lexer_feed_char (address@hidden, ch=125 '}',
>
address@hidden) at qobject/json-lexer.c:323
>
#12 0x00007f9a728bb75e in json_lexer_feed (lexer=0x7f9a73ce4498,
>
buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:373
>
#13 0x00007f9a7289d5d9 in json_message_parser_feed (parser=<optimized out>,
>
buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:124
>
#14 0x00007f9a7252722e in monitor_qmp_read (opaque=<optimized out>,
>
buf=<optimized out>, size=<optimized out>) at
>
/mnt/sdb/lzc/code/open/qemu/monitor.c:3894
>
#15 0x00007f9a7284ee1b in tcp_chr_read (chan=<optimized out>, cond=<optimized
>
out>, opaque=<optimized out>) at chardev/char-socket.c:441
>
#16 0x00007f9a6e03e99a in g_main_context_dispatch () from
>
/usr/lib64/libglib-2.0.so.0
>
#17 0x00007f9a728a342c in glib_pollfds_poll () at util/main-loop.c:214
>
#18 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
>
#19 main_loop_wait (address@hidden) at util/main-loop.c:515
>
#20 0x00007f9a724e7547 in main_loop () at vl.c:1999
>
#21 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
>
at vl.c:4877
>
>
Problem happens in virtio_vmstate_change which is called by vm_state_notify,
>
static void virtio_vmstate_change(void *opaque, int running, RunState state)
>
{
>
VirtIODevice *vdev = opaque;
>
BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
>
VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
>
bool backend_run = running && (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK);
>
vdev->vm_running = running;
>
>
if (backend_run) {
>
virtio_set_status(vdev, vdev->status);
>
}
>
>
if (k->vmstate_change) {
>
k->vmstate_change(qbus->parent, backend_run);
>
}
>
>
if (!backend_run) {
>
virtio_set_status(vdev, vdev->status);
>
}
>
}
>
>
Vdev's parent_bus is NULL, so qdev_get_parent_bus(DEVICE(vdev)) will crash.
>
virtio_vmstate_change is added to the list vm_change_state_head at
>
virtio_blk_device_realize(virtio_init),
>
but after hotplug virtio-blk failed, virtio_vmstate_change will not be
>
removed from vm_change_state_head.
>
>
>
I apply a patch as follews:
>
>
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
>
index 5884ce3..ea532dc 100644
>
--- a/hw/virtio/virtio.c
>
+++ b/hw/virtio/virtio.c
>
@@ -2491,6 +2491,7 @@ static void virtio_device_realize(DeviceState *dev,
>
Error **errp)
>
virtio_bus_device_plugged(vdev, &err);
>
if (err != NULL) {
>
error_propagate(errp, err);
>
+        vdc->unrealize(dev, NULL);
>
return;
>
}