09.05.2024 04:43, Cindy Lu wrote:

https://gitlab.com/qemu-project/qemu/-/issues/2321
https://gitlab.com/qemu-project/qemu/-/issues/2334

So something's not right here.

I have checked the stack; it seems there is a crash while setting the vector
to NO_VECTOR?

#0  kvm_virtio_pci_vq_vector_release (proxy=0x55bd979fd130,
vector=<optimized out>) at ../hw/virtio/virtio-pci.c:834

This is 8.2.3, not 9.0 or master.  It is this line:

static void kvm_virtio_pci_vq_vector_release(VirtIOPCIProxy *proxy,
                                             unsigned int vector)
{
    VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
    if (--irqfd->users == 0) {                                <=== this
        kvm_irqchip_release_virq(kvm_state, irqfd->virq);
    }
}

I wonder if we have a use-after-release issue here, which has been
uncovered by your fix.

/mjt

#1  kvm_virtio_pci_vector_release_one
(proxy=proxy@entry=0x55bd979fd130, queue_no=queue_no@entry=0) at
../hw/virtio/virtio-pci.c:965
#2  0x000055bd9380c430 in virtio_pci_set_vector (vdev=0x55bd97a05500,
proxy=0x55bd979fd130, queue_no=0, old_vector=1, new_vector=65535)
     at ../hw/virtio/virtio-pci.c:1445
#3  0x000055bd939c5490 in memory_region_write_accessor
(mr=0x55bd979fdc70, addr=26, value=<optimized out>, size=2,
shift=<optimized out>,
     mask=<optimized out>, attrs=...) at ../system/memory.c:497

I will try to reproduce it and work on it.

thanks
Cindy
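The following C model is added here as an illustration and is not QEMU code or part of this thread. It mirrors the shape of the quoted kvm_virtio_pci_vq_vector_release() over a small constructed table (the names IrqFd, Proxy, NO_VECTOR, vector_use, vector_release_unchecked, vector_release_checked and the route ids are assumptions, not QEMU's), shows how an unmatched release wraps the unsigned users counter without any error being reported, and puts a bounds- and refcount-checked variant beside it that refuses the 65535 (NO_VECTOR) value visible in frame #2 and a release with no matching use.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the per-vector irqfd bookkeeping in
 * hw/virtio/virtio-pci.c; names and layout are assumptions, not QEMU's. */
#define NO_VECTOR   0xffffU   /* the 65535 passed as new_vector in frame #2 */
#define MAX_VECTORS 4U
#define VIRQ_NONE   (-1)

typedef struct {
    unsigned int users;  /* queues currently routed through this vector */
    int virq;            /* hypothetical KVM route id; VIRQ_NONE once released */
} IrqFd;

typedef struct {
    unsigned int nvectors;
    IrqFd vector_irqfd[MAX_VECTORS];
} Proxy;

typedef enum {
    REL_OK = 0,         /* decremented, vector still in use elsewhere */
    REL_FREED = 1,      /* last user gone, route released */
    REL_EINVAL = 2,     /* NO_VECTOR or index beyond the table */
    REL_UNDERFLOW = 3,  /* release with no matching use: users was already 0 */
} RelStatus;

static void proxy_init(Proxy *p, unsigned int nvectors)
{
    memset(p, 0, sizeof(*p));
    p->nvectors = nvectors;
    for (unsigned int i = 0; i < MAX_VECTORS; i++) {
        p->vector_irqfd[i].virq = VIRQ_NONE;
    }
}

/* Acquire side: the first user of a vector gets a (constructed) route id. */
static void vector_use(Proxy *p, unsigned int vector)
{
    IrqFd *fd = &p->vector_irqfd[vector];
    if (fd->users++ == 0) {
        fd->virq = (int)vector + 100;
    }
}

/* Same shape as the quoted kvm_virtio_pci_vq_vector_release(): neither the
 * index nor the counter is validated, so a release with users == 0 wraps the
 * unsigned counter to UINT_MAX, skips the route release, and reports nothing. */
static void vector_release_unchecked(Proxy *p, unsigned int vector)
{
    IrqFd *fd = &p->vector_irqfd[vector];
    if (--fd->users == 0) {
        fd->virq = VIRQ_NONE;  /* stands in for kvm_irqchip_release_virq() */
    }
}

/* Hardened form: reject NO_VECTOR and out-of-range indices before touching
 * the table, and refuse to decrement a counter that is already zero. */
static RelStatus vector_release_checked(Proxy *p, unsigned int vector)
{
    if (vector == NO_VECTOR || vector >= p->nvectors) {
        return REL_EINVAL;
    }
    IrqFd *fd = &p->vector_irqfd[vector];
    if (fd->users == 0) {
        return REL_UNDERFLOW;
    }
    if (--fd->users == 0) {
        fd->virq = VIRQ_NONE;
        return REL_FREED;
    }
    return REL_OK;
}

/* Queue 0 leaves vector 1 (old_vector=1 in frame #2), then an unmatched second
 * release follows; returns the counter the unchecked path leaves behind. */
static unsigned int demo_unchecked_underflow(void)
{
    Proxy p;
    proxy_init(&p, MAX_VECTORS);
    vector_use(&p, 1);
    vector_release_unchecked(&p, 1);  /* users 1 -> 0, route released */
    vector_release_unchecked(&p, 1);  /* users 0 -> UINT_MAX, silently */
    return p.vector_irqfd[1].users;
}

/* Two users on vector 1, two matched releases, one extra, then NO_VECTOR;
 * the four statuses are packed as decimal digits (expected 0,1,3,2 -> 132). */
static int demo_checked_sequence(void)
{
    Proxy p;
    proxy_init(&p, MAX_VECTORS);
    vector_use(&p, 1);
    vector_use(&p, 1);
    int a = vector_release_checked(&p, 1);
    int b = vector_release_checked(&p, 1);
    int c = vector_release_checked(&p, 1);
    int d = vector_release_checked(&p, NO_VECTOR);
    return a * 1000 + b * 100 + c * 10 + d;
}
```

Calling demo_unchecked_underflow() and demo_checked_sequence() from a main() of your own shows the contrast: the unchecked path leaves users at UINT_MAX with nothing to tell the caller, while the checked path returns REL_UNDERFLOW for the extra release and REL_EINVAL for NO_VECTOR. The model makes no claim about the actual root cause, which the thread is still investigating; it only shows which conditions a release path can refuse and report so that an unbalanced use/release pair fails loudly instead of corrupting the counter.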

