On 07/07/2014 10:12, ChenLiang wrote:
Hi,
virtio_blk_reset uses bdrv_drain_all too.
That's a limitation of virtio_blk_reset, as the comment above says.
virtio-scsi uses bdrv_aio_cancel. :)
Paolo
On 2014/7/3 18:41, Paolo Bonzini wrote:
> On 03/07/2014 04:23, ChenLiang wrote:
>> Program received signal SIGABRT, Aborted.
>> 0x7fd548355b55 in raise () from /lib64/libc.so.6
>> (gdb) bt
>> #0 0x7fd548355b55 in raise () from /lib64/libc.so.6
>> #1 0x7fd548357131 in abort () fr
On 03/07/2014 04:23, ChenLiang wrote:
Program received signal SIGABRT, Aborted.
0x7fd548355b55 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x7fd548355b55 in raise () from /lib64/libc.so.6
#1 0x7fd548357131 in abort () from /lib64/libc.so.6
#2 0x7fd548393e0f in __libc_mes
On 2014/7/2 20:19, Paolo Bonzini wrote:
> On 02/07/2014 13:57, ChenLiang wrote:
Hmm, dbs->in_cancel will always be true. Although this will avoid freeing
dbs by dma_complete,
it may be a mistake.
>>>
>>> This was on purpose; I'm doing the free myself in dma_aio_cancel, so I
On 02/07/2014 14:54, 陈梁 wrote:
> The second call should have happened within dma_aio_cancel's call to
> bdrv_aio_cancel. This is the real bug.
IMO, the second need not have happened within dma_aio_cancel's call to
bdrv_aio_cancel.
The double free will happen if dma_aio_cancel is called.
> On 02/07/2014 13:57, ChenLiang wrote:
Hmm, dbs->in_cancel will always be true. Although this will avoid freeing
dbs by dma_complete,
it may be a mistake.
>>>
>>> This was on purpose; I'm doing the free myself in dma_aio_cancel, so I
>>> wanted to avoid the qemu_aio_relea
On 02/07/2014 13:57, ChenLiang wrote:
>>> Hmm, dbs->in_cancel will always be true. Although this will avoid freeing
>>> dbs by dma_complete,
>>> it may be a mistake.
>>
>> This was on purpose; I'm doing the free myself in dma_aio_cancel, so I
>> wanted to avoid the qemu_aio_release from dm
On 2014/7/2 19:40, Paolo Bonzini wrote:
> On 02/07/2014 13:33, ChenLiang wrote:
>> On 2014/7/2 18:16, Paolo Bonzini wrote:
>>
>>> On 02/07/2014 11:46, Gonglei (Arei) wrote:
Hi, Paolo. We have tested your above patch, and it works well for us.
>>>
>>> I'm still not sure where the fix
On 02/07/2014 13:33, ChenLiang wrote:
On 2014/7/2 18:16, Paolo Bonzini wrote:
On 02/07/2014 11:46, Gonglei (Arei) wrote:
Hi, Paolo. We have tested your above patch, and it works well for us.
I'm still not sure where the fix is. I jotted the patch quickly, but I'd
rather understan
On 2014/7/2 18:16, Paolo Bonzini wrote:
> On 02/07/2014 11:46, Gonglei (Arei) wrote:
>> Hi, Paolo. We have tested your above patch, and it works well for us.
>
> I'm still not sure where the fix is. I jotted the patch quickly, but I'd
> rather understand it better before submitting it. He
On 02/07/2014 13:12, ChenLiang wrote:
This patch avoids freeing dbs by dma_complete when dma_aio_cancel is running,
because dma_complete will also be called by dma_bdrv_cb. So a double free
will never happen.
Yes, you already said that. But I'm not sure _why_ the patch avoids
freeing dbs, e
On 02/07/2014 11:46, Gonglei (Arei) wrote:
Hi, Paolo. We have tested your above patch, and it works well for us.
I'm still not sure where the fix is. I jotted the patch quickly, but
I'd rather understand it better before submitting it. Here is it again:
--- a/dma-helpers.c
+++ b/dma-h
> -Original Message-
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> Sent: Wednesday, July 02, 2014 5:26 PM
> To: chenliang (T)
> Cc: Gonglei (Arei); qemu-devel@nongnu.org; kw...@redhat.com;
> stefa...@redhat.com; Huangweidong (C)
> Subject: Re: [PATCH] ide: fix double free
>
> On 02/
On 02/07/2014 11:24, ChenLiang wrote:
On 2014/7/2 17:04, Paolo Bonzini wrote:
This is definitely a heavyweight solution, and in fact the bug should
not be there in the first place. See dma_complete:
static void dma_complete(DMAAIOCB *dbs, int ret)
{
trace_dma_complete(dbs, ret, dbs->
On 2014/7/2 17:04, Paolo Bonzini wrote:
> This is definitely a heavyweight solution, and in fact the bug should
> not be there in the first place. See dma_complete:
>
> static void dma_complete(DMAAIOCB *dbs, int ret)
> {
> trace_dma_complete(dbs, ret, dbs->common.cb);
>
> dma_bdrv_unm
On 02/07/2014 10:50, arei.gong...@huawei.com wrote:
> if (bus->dma->aiocb) {
> -#ifdef DEBUG_AIO
> -printf("aio_cancel\n");
> -#endif
> -bdrv_aio_cancel(bus->dma->aiocb);
> -bus->dma->aiocb = NULL;
> +bdrv_drain_all();
> +bdrv_flush_all();
> +
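Review bot: the removed `bus->dma->aiocb = NULL;` has no counterpart among the added lines visible here, so after `bdrv_drain_all()` returns, `bus->dma->aiocb` still points at a request that has completed and been released; the assignment should be kept after the drain so that later code does not see a stale aiocb. Separately, `bdrv_drain_all()` and `bdrv_flush_all()` act on every block device in the VM rather than on the one outstanding request of this bus, so a reset of a single IDE bus now waits on unrelated devices' I/O; the targeted `bdrv_aio_cancel(bus->dma->aiocb)` that the hunk deletes is the right operation here, and the double free it exposes needs fixing in the cancel and completion paths themselves.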
From: Chenliang
Qemu may double free when executing the command "reboot -f" in the vm.
One path is bdrv_aio_cancel(), the other is the dma_bdrv_cb()
callback process.
Signed-off-by: Chenliang
Signed-off-by: Gonglei
---
Qemu crash bt:
Program received signal SIGABRT, Aborted.
0x7f3cb2c76b55 in raise ()
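The two release paths that this patch description and the earlier reply (the callback path through dma_bdrv_cb and dma_complete, and the cancel path through dma_aio_cancel) are arguing about, reduced to a small C model. This is an added illustration, not QEMU code: the type `ModelDBS`, the functions `model_release`, `model_complete`, `model_cancel`, `run_reset_scenario` and `run_complete_scenario`, and the field names are all invented for the example, and the in-flight request is constructed inline. The model counts releases instead of calling free(), so the double release is observable as a number rather than as the libc abort in the backtrace above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the DMA control block the thread calls "dbs".
 * Field names are assumptions for this example, not QEMU's DMAAIOCB. */
typedef struct {
    bool in_cancel;  /* set once the cancel path has taken over teardown */
    bool pending;    /* an I/O request is in flight and will call back */
    int  releases;   /* number of times the block has been "freed" */
} ModelDBS;

/* Stand-in for qemu_aio_release(): counts releases instead of calling
 * free(), so a double release shows up as a count of 2 rather than as
 * heap corruption or a SIGABRT from libc. */
static void model_release(ModelDBS *dbs)
{
    dbs->releases++;
}

/* Completion path (the thread's dma_bdrv_cb -> dma_complete).
 * Unguarded, it always releases the block. Guarded, it steps aside
 * when the cancel path has set in_cancel and lets that path release. */
static void model_complete(ModelDBS *dbs, bool guarded)
{
    dbs->pending = false;
    if (guarded && dbs->in_cancel) {
        return;
    }
    model_release(dbs);
}

/* Cancel path (the thread's dma_aio_cancel). Cancelling the outstanding
 * request runs its completion callback synchronously, after which the
 * cancel path releases the block itself. Without the guard, that is the
 * second release of the same block. */
static void model_cancel(ModelDBS *dbs, bool guarded)
{
    dbs->in_cancel = true;
    if (dbs->pending) {
        model_complete(dbs, guarded);  /* bdrv_aio_cancel -> callback */
    }
    model_release(dbs);
}

/* The scenario from the thread: a request is still in flight when the
 * guest resets the bus (e.g. "reboot -f"). Returns the release count:
 * 2 for the unguarded model, 1 with the in_cancel guard. */
int run_reset_scenario(bool guarded)
{
    ModelDBS dbs = { .in_cancel = false, .pending = true, .releases = 0 };
    model_cancel(&dbs, guarded);
    return dbs.releases;
}

/* Control case: the request completes before any cancel. The owner's
 * pointer (bus->dma->aiocb in the thread) is cleared on completion, so
 * cancel is never invoked and exactly one release happens either way. */
int run_complete_scenario(bool guarded)
{
    ModelDBS dbs = { .in_cancel = false, .pending = true, .releases = 0 };
    ModelDBS *owner_aiocb = &dbs;
    model_complete(&dbs, guarded);
    owner_aiocb = NULL;              /* completion clears the owner's pointer */
    if (owner_aiocb != NULL) {
        model_cancel(owner_aiocb, guarded);
    }
    return dbs.releases;
}

int main(void)
{
    printf("in-flight + cancel, unguarded: %d release(s)\n",
           run_reset_scenario(false));
    printf("in-flight + cancel, guarded:   %d release(s)\n",
           run_reset_scenario(true));
    printf("normal completion, guarded:    %d release(s)\n",
           run_complete_scenario(true));
    return 0;
}
```

The guard is deliberately one-way, matching the "in_cancel will always be true" observation in the thread: once the cancel path claims the block, the completion callback must never release it, and the count stays at one only because exactly one of the two paths owns the teardown.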