Commit 91d670fb authored by Ming Lei's avatar Ming Lei Committed by Paolo Bonzini

virtio-scsi: define dummy handle_output for vhost-scsi vqs



vhost userspace needn't to handle vq's notification from guest,
so define dummy handle_output callback for all vqs of vhost-scsi.

In some corner cases (such as when handling a vq reset from the VM), virtio-pci
still tries to handle pending virtio-scsi events, and then an object check failure
inside virtio_scsi_handle_event() can be triggered for vhost-scsi.

The issue can be reproduced by 'rmmod virtio-scsi', 'system sleep' or reboot
inside VM.

Cc: qemu-stable@nongnu.org
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarMing Lei <ming.lei@canonical.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 8c215a9f
+7 −1
@@ -196,6 +196,10 @@ static void vhost_scsi_set_status(VirtIODevice *vdev, uint8_t val)
    }
}

static void vhost_dummy_handle_output(VirtIODevice *vdev, VirtQueue *vq)
{
}

static void vhost_scsi_realize(DeviceState *dev, Error **errp)
{
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(dev);
@@ -217,7 +221,9 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
        }
    }

    virtio_scsi_common_realize(dev, &err);
    virtio_scsi_common_realize(dev, &err, vhost_dummy_handle_output,
                               vhost_dummy_handle_output,
                               vhost_dummy_handle_output);
    if (err != NULL) {
        error_propagate(errp, err);
        return;
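Review bot: `vhost_dummy_handle_output` has an empty body and no comment, so a later reader cannot tell that dropping the notification is deliberate rather than an unfinished stub. Per the commit message, the userspace handler is only reached in corner cases such as a vq reset, and the handler previously installed there hit an object check failure; since that path can be driven from inside the VM, the reason for the no-op is worth recording next to the code. I would add above the function `/* vhost-scsi vqs are serviced by the vhost backend; a guest notification that still reaches userspace (e.g. during reset) is intentionally ignored. */`. The body of vhost_scsi_realize starts and ends outside the hunks shown.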
+9 −5
@@ -667,7 +667,9 @@ static struct SCSIBusInfo virtio_scsi_scsi_info = {
    .load_request = virtio_scsi_load_request,
};

void virtio_scsi_common_realize(DeviceState *dev, Error **errp)
void virtio_scsi_common_realize(DeviceState *dev, Error **errp,
                                HandleOutput ctrl, HandleOutput evt,
                                HandleOutput cmd)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(dev);
@@ -681,12 +683,12 @@ void virtio_scsi_common_realize(DeviceState *dev, Error **errp)
    s->cdb_size = VIRTIO_SCSI_CDB_SIZE;

    s->ctrl_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE,
                                  virtio_scsi_handle_ctrl);
                                  ctrl);
    s->event_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE,
                                   virtio_scsi_handle_event);
                                   evt);
    for (i = 0; i < s->conf.num_queues; i++) {
        s->cmd_vqs[i] = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE,
                                         virtio_scsi_handle_cmd);
                                         cmd);
    }
}

@@ -697,7 +699,9 @@ static void virtio_scsi_device_realize(DeviceState *dev, Error **errp)
    static int virtio_scsi_id;
    Error *err = NULL;

    virtio_scsi_common_realize(dev, &err);
    virtio_scsi_common_realize(dev, &err, virtio_scsi_handle_ctrl,
                               virtio_scsi_handle_event,
                               virtio_scsi_handle_cmd);
    if (err != NULL) {
        error_propagate(errp, err);
        return;
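Review bot: `virtio_scsi_common_realize` forwards `ctrl`, `evt` and `cmd` to `virtio_add_queue` without checking them, so a future caller passing NULL would register a queue whose handler is presumably invoked on the next guest notification. Both callers in this commit pass real functions, but the requirement is now part of an exported function's contract and is better enforced where it is defined, e.g. `assert(ctrl && evt && cmd);` at the top of the body. Whether virtio_add_queue or the notify path tolerates a NULL handler is not visible on this page, so that should be confirmed rather than assumed. Only part of the function body appears in these hunks.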
+6 −1
@@ -184,7 +184,12 @@ typedef struct {
    DEFINE_PROP_BIT("param_change", _state, _feature_field,                    \
                                            VIRTIO_SCSI_F_CHANGE, true)

void virtio_scsi_common_realize(DeviceState *dev, Error **errp);
typedef void (*HandleOutput)(VirtIODevice *, VirtQueue *);

void virtio_scsi_common_realize(DeviceState *dev, Error **errp,
                                HandleOutput ctrl, HandleOutput evt,
                                HandleOutput cmd);

void virtio_scsi_common_unrealize(DeviceState *dev, Error **errp);

#endif /* _QEMU_VIRTIO_SCSI_H */
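Review bot: `HandleOutput` is an unprefixed, generic typedef name placed in a shared header, and its parameters are unnamed; a prefixed name with named parameters avoids clashes with other device code and documents itself, e.g. `typedef void (*VirtIOSCSIHandleOutput)(VirtIODevice *vdev, VirtQueue *vq);`. The new prototype also lacks a comment: it should state that `ctrl`, `evt` and `cmd` become the handlers of the control queue, the event queue and every command queue respectively, as the virtio_add_queue calls in the implementation show. It would help to say there that callers must pass non-NULL handlers and that a backend which does not process queues in userspace passes a no-op.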