qemu/monitor-qmp-drop-inflight-rsp-if-qmp-client-broken.patch

From c6b183a4c3c63454dea39be26b0fb773ec04887e Mon Sep 17 00:00:00 2001
From: Chuan Zheng <zhengchuan@huawei.com>
Date: Wed, 9 Feb 2022 14:13:05 +0800
Subject: [PATCH] monitor/qmp: drop inflight rsp if qmp client broken

If libvirt restart while qemu is handle qmp message, libvirt will
reconnect qemu monitor socket, and query status of qemu by qmp.
But qemu may return last qmp respond to new connect socket, and libvirt
recv unexpected respond, So libvirt think qemu is abnormal, and will
kill qemu.

This patch add qmp connect id, while reconnect id will change. While
respond to libvirt, judge if id is same, if not, drop this respond.
---
 monitor/monitor-internal.h |  1 +
 monitor/qmp.c              | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h
index 252de85681..d7842fa464 100644
--- a/monitor/monitor-internal.h
+++ b/monitor/monitor-internal.h
@@ -144,6 +144,7 @@ typedef struct {
     const QmpCommandList *commands;
     bool capab_offered[QMP_CAPABILITY__MAX]; /* capabilities offered */
     bool capab[QMP_CAPABILITY__MAX];         /* offered and accepted */
+    uint64_t qmp_client_id; /*qmp client id, update if peer disconnect */
     /*
      * Protects qmp request/response queue.
      * Take monitor_lock first when you need both.
diff --git a/monitor/qmp.c b/monitor/qmp.c
index 6eee450fe4..8f7671c5f1 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -149,18 +149,19 @@ void qmp_send_response(MonitorQMP *mon, const QDict *rsp)
  * Null @rsp can only happen for commands with QCO_NO_SUCCESS_RESP.
  * Nothing is emitted then.
  */
-static void monitor_qmp_respond(MonitorQMP *mon, QDict *rsp)
+static void monitor_qmp_respond(MonitorQMP *mon, QDict *rsp, uint64_t req_client_id)
 {
-    if (rsp) {
-        qmp_send_response(mon, rsp);
+    if (!rsp || (mon->qmp_client_id != req_client_id)) {
+        return;
     }
+    qmp_send_response(mon, rsp);
 }
 
 /*
  * Runs outside of coroutine context for OOB commands, but in
  * coroutine context for everything else.
  */
-static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
+static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req, uint64_t req_client_id)
 {
     QDict *rsp;
     QDict *error;
@@ -180,7 +181,7 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
         }
     }
 
-    monitor_qmp_respond(mon, rsp);
+    monitor_qmp_respond(mon, rsp, req_client_id);
     qobject_unref(rsp);
 }
 
@@ -340,13 +341,13 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data)
                 trace_monitor_qmp_cmd_in_band(id_json->str);
                 g_string_free(id_json, true);
             }
-            monitor_qmp_dispatch(mon, req_obj->req);
+            monitor_qmp_dispatch(mon, req_obj->req, mon->qmp_client_id);
         } else {
             assert(req_obj->err);
             trace_monitor_qmp_err_in_band(error_get_pretty(req_obj->err));
             rsp = qmp_error_response(req_obj->err);
             req_obj->err = NULL;
-            monitor_qmp_respond(mon, rsp);
+            monitor_qmp_respond(mon, rsp, mon->qmp_client_id);
             qobject_unref(rsp);
         }
 
@@ -402,7 +403,7 @@ static void handle_qmp_command(void *opaque, QObject *req, Error *err)
             trace_monitor_qmp_cmd_out_of_band(id_json->str);
             g_string_free(id_json, true);
         }
-        monitor_qmp_dispatch(mon, req);
+        monitor_qmp_dispatch(mon, req, mon->qmp_client_id);
         qobject_unref(req);
         return;
     }
@@ -486,6 +487,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
         mon_refcount++;
         break;
     case CHR_EVENT_CLOSED:
+        mon->qmp_client_id++;
         /*
          * Note: this is only useful when the output of the chardev
          * backend is still open.  For example, when the backend is
@@ -539,6 +541,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
     }
     qemu_chr_fe_set_echo(&mon->common.chr, true);
 
+    mon->qmp_client_id = 1;
     /* Note: we run QMP monitor in I/O thread when @chr supports that */
     monitor_data_init(&mon->common, true, false,
                       qemu_chr_has_feature(chr, QEMU_CHAR_FEATURE_GCONTEXT));
-- 
2.27.0
QEMU update to version 8.2.0-5 - vfio/migration: Add support for manual clear vfio dirty log - vfio: Maintain DMA mapping range for the container - linux-headers: update against 5.10 and manual clear vfio dirty log series - arm/acpi: Fix when make qemu-system-aarch64 at x86_64 host bios_tables_test fail reason: __aarch64__ macro let build_pptt at x86_64 and aarch64 host build different function that let bios_tables_test fail. - pl031: support rtc-timer property for pl031 - feature: Add logs for vm start and destroy - feature: Add log for each modules - log: Add log at boot & cpu init for aarch64 - bugfix: irq: Avoid covering object refcount of qemu_irq - i386: cache passthrough: Update AMD 8000_001D.EAX[25:14] based on vCPU topo - freeclock: set rtc_date_diff for X86 - freeclock: set rtc_date_diff for arm - freeclock: add qmp command to get time offset of vm in seconds - tests: Disable filemonitor testcase - shadow_dev: introduce shadow dev for virtio-net device - pl011: reset read FIFO when UARTTIMSC=0 & UARTICR=0xffff - tests: virt: Update expected ACPI tables for virt test(update BinDir) - arm64: Add the cpufreq device to show cpufreq info to guest - hw/arm64: add vcpu cache info support - tests: virt: Allow changes to PPTT test table - cpu: add Cortex-A72 processor kvm target support - cpu: add Kunpeng-920 cpu support - net: eepro100: validate various address valuesi(CVE-2021-20255) - ide: ahci: add check to avoid null dereference (CVE-2019-12067) - vdpa: set vring enable only if the vring address has already been set - docs: Add generic vhost-vdpa device documentation - vdpa: don't suspend/resume device when vdpa device not started - vdpa: correct param passed in when unregister save - vdpa: suspend function return 0 when the vdpa device is stopped - vdpa: support vdpa device suspend/resume - vdpa: move memory listener to the realize stage - vdpa: implement vdpa device migration - vhost: implement migration state notifier for vdpa device - vhost: implement post resume bh - vhost: implement savevm_handler for vdpa device - vhost: implement vhost_vdpa_device_suspend/resume - vhost: implement vhost-vdpa suspend/resume - vhost: add vhost_dev_suspend/resume_op - vhost: introduce bytemap for vhost backend logging - vhost-vdpa: add migration log ops for VhostOps - vhost-vdpa: add VHOST_BACKEND_F_BYTEMAPLOG - hw/usb: reduce the vpcu cost of UHCI when VNC disconnect - virtio-net: update the default and max of rx/tx_queue_size - virtio-net: set the max of queue size to 4096 - virtio-net: fix max vring buf size when set ring num - virtio-net: bugfix: do not delete netdev before virtio net - monitor: Discard BLOCK_IO_ERROR event when VM rebooted - vhost-user: add unregister_savevm when vhost-user cleanup - vhost-user: add vhost_set_mem_table when vm load_setup at destination - vhost-user: quit infinite loop while used memslots is more than the backend limit - fix qemu-core when vhost-user-net config with server mode - vhost-user: Add support reconnect vhost-user socket - vhost-user: Set the acked_features to vm's featrue - i6300esb watchdog: bugfix: Add a runstate transition - hw/net/rocker_of_dpa: fix double free bug of rocker device - net/dump.c: Suppress spurious compiler warning - pcie: Add pcie-root-port fast plug/unplug feature - pcie: Compat with devices which do not support Link Width, such as ioh3420 - qdev/monitors: Fix reundant error_setg of qdev_add_device - qemu-nbd: set timeout to qemu-nbd socket - qemu-nbd: make native as the default aio mode - nbd/server.c: fix invalid read after client was already free - virtio-scsi: bugfix: fix qemu crash for hotplug scsi disk with dataplane - virtio: bugfix: check the value of caches before accessing it - virtio: print the guest virtio_net features that host does not support - virtio: bugfix: add rcu_read_lock when vring_avail_idx is called - virtio: check descriptor numbers - migration: report multiFd related thread pid to libvirt - migration: report migration related thread pid to libvirt - cpu/features: fix bug for memory leakage - doc: Update multi-thread compression doc - migration: Add compress_level sanity check - migration: Add zstd support in multi-thread compression - migration: Add multi-thread compress ops - migration: Refactoring multi-thread compress migration - migration: Add multi-thread compress method - migration: skip cache_drop for bios bootloader and nvram template - oslib-posix: optimise vm startup time for 1G hugepage - monitor/qmp: drop inflight rsp if qmp client broken - ps2: fix oob in ps2 kbd - Currently, while kvm and qemu can not handle some kvm exit, qemu will do vm_stop, which will make vm in pause state. This action make vm unrecoverable, so send guest panic to libvirt instead. - vhost: cancel migration when vhost-user restarted during migraiton Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> 2024-04-07 10:21:31 +08:00			`From c6b183a4c3c63454dea39be26b0fb773ec04887e Mon Sep 17 00:00:00 2001`
			`From: Chuan Zheng <zhengchuan@huawei.com>`
			`Date: Wed, 9 Feb 2022 14:13:05 +0800`
			`Subject: [PATCH] monitor/qmp: drop inflight rsp if qmp client broken`

			`If libvirt restart while qemu is handle qmp message, libvirt will`
			`reconnect qemu monitor socket, and query status of qemu by qmp.`
			`But qemu may return last qmp respond to new connect socket, and libvirt`
			`recv unexpected respond, So libvirt think qemu is abnormal, and will`
			`kill qemu.`

			`This patch add qmp connect id, while reconnect id will change. While`
			`respond to libvirt, judge if id is same, if not, drop this respond.`
			`---`
			`monitor/monitor-internal.h \| 1 +`
			`monitor/qmp.c \| 19 +++++++++++--------`
			`2 files changed, 12 insertions(+), 8 deletions(-)`

			`diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h`
			`index 252de85681..d7842fa464 100644`
			`--- a/monitor/monitor-internal.h`
			`+++ b/monitor/monitor-internal.h`
			`@@ -144,6 +144,7 @@ typedef struct {`
			`const QmpCommandList *commands;`
			`bool capab_offered[QMP_CAPABILITY__MAX]; /* capabilities offered */`
			`bool capab[QMP_CAPABILITY__MAX]; /* offered and accepted */`
			`+ uint64_t qmp_client_id; /qmp client id, update if peer disconnect /`
			`/*`
			`* Protects qmp request/response queue.`
			`* Take monitor_lock first when you need both.`
			`diff --git a/monitor/qmp.c b/monitor/qmp.c`
			`index 6eee450fe4..8f7671c5f1 100644`
			`--- a/monitor/qmp.c`
			`+++ b/monitor/qmp.c`
			`@@ -149,18 +149,19 @@ void qmp_send_response(MonitorQMP mon, const QDict rsp)`
			`* Null @rsp can only happen for commands with QCO_NO_SUCCESS_RESP.`
			`* Nothing is emitted then.`
			`*/`
			`-static void monitor_qmp_respond(MonitorQMP mon, QDict rsp)`
			`+static void monitor_qmp_respond(MonitorQMP mon, QDict rsp, uint64_t req_client_id)`
			`{`
			`- if (rsp) {`
			`- qmp_send_response(mon, rsp);`
			`+ if (!rsp \|\| (mon->qmp_client_id != req_client_id)) {`
			`+ return;`
			`}`
			`+ qmp_send_response(mon, rsp);`
			`}`

			`/*`
			`* Runs outside of coroutine context for OOB commands, but in`
			`* coroutine context for everything else.`
			`*/`
			`-static void monitor_qmp_dispatch(MonitorQMP mon, QObject req)`
			`+static void monitor_qmp_dispatch(MonitorQMP mon, QObject req, uint64_t req_client_id)`
			`{`
			`QDict *rsp;`
			`QDict *error;`
			`@@ -180,7 +181,7 @@ static void monitor_qmp_dispatch(MonitorQMP mon, QObject req)`
			`}`
			`}`

			`- monitor_qmp_respond(mon, rsp);`
			`+ monitor_qmp_respond(mon, rsp, req_client_id);`
			`qobject_unref(rsp);`
			`}`

			`@@ -340,13 +341,13 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data)`
			`trace_monitor_qmp_cmd_in_band(id_json->str);`
			`g_string_free(id_json, true);`
			`}`
			`- monitor_qmp_dispatch(mon, req_obj->req);`
			`+ monitor_qmp_dispatch(mon, req_obj->req, mon->qmp_client_id);`
			`} else {`
			`assert(req_obj->err);`
			`trace_monitor_qmp_err_in_band(error_get_pretty(req_obj->err));`
			`rsp = qmp_error_response(req_obj->err);`
			`req_obj->err = NULL;`
			`- monitor_qmp_respond(mon, rsp);`
			`+ monitor_qmp_respond(mon, rsp, mon->qmp_client_id);`
			`qobject_unref(rsp);`
			`}`

			`@@ -402,7 +403,7 @@ static void handle_qmp_command(void opaque, QObject req, Error *err)`
			`trace_monitor_qmp_cmd_out_of_band(id_json->str);`
			`g_string_free(id_json, true);`
			`}`
			`- monitor_qmp_dispatch(mon, req);`
			`+ monitor_qmp_dispatch(mon, req, mon->qmp_client_id);`
			`qobject_unref(req);`
			`return;`
			`}`
			`@@ -486,6 +487,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)`
			`mon_refcount++;`
			`break;`
			`case CHR_EVENT_CLOSED:`
			`+ mon->qmp_client_id++;`
			`/*`
			`* Note: this is only useful when the output of the chardev`
			`* backend is still open. For example, when the backend is`
			`@@ -539,6 +541,7 @@ void monitor_init_qmp(Chardev chr, bool pretty, Error *errp)`
			`}`
			`qemu_chr_fe_set_echo(&mon->common.chr, true);`

			`+ mon->qmp_client_id = 1;`
			`/* Note: we run QMP monitor in I/O thread when @chr supports that */`
			`monitor_data_init(&mon->common, true, false,`
			`qemu_chr_has_feature(chr, QEMU_CHAR_FEATURE_GCONTEXT));`
			`--`
			`2.27.0`