From: Fam Zheng <famz@redhat.com>
To: wang.yong155@zte.com.cn
Cc: pbonzini@redhat.com, stefanha@redhat.com, jasowang@redhat.com,
	zhangchen.fnst@cn.fujitsu.com, zhang.zhanghailiang@huawei.com,
	wang.guang55@zte.com.cn, lizhijian@cn.fujitsu.com,
	qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] 答复: Re: [PATCHv4 01/03] qemu-iothread: IOThread supports theGMainContext event loop
Date: Wed, 23 Aug 2017 16:43:42 +0800
Message-ID: <20170823084342.GA15802@lemon>
In-Reply-To: <201708231558023809685@zte.com.cn>

Hi Wang Yong,

To make the discussion easier, please try to fix your email client to:

1) set In-Reply-To: header when replying
2) use plain text instead of html
3) use monospace fonts to view and compose a reply
4) avoid attaching the original email in the end, just reply inline
5) maybe, use "Re:" in the subject for reply, avoid "答复:"
6) include not only email addresses in From:To:/Cc: headers, but also
   the names of recipients, in the form of

       Some Body <some.body@example.com>, Another One <another.one@example.com>,
       ...

Or maybe just switch to a functional email client.

On Wed, 08/23 15:58, wang.yong155@zte.com.cn wrote:
> >> diff --git a/iothread.c b/iothread.c>> index beeb870..fb1c55b 100644>> --- a/iothread.c>> +++ b/iothread.c>> @@ -57,6 +57,20 @@ static void *iothread_run(void *opaque)>>  >>      while (!atomic_read(&iothread->stopping)) {>>          aio_poll(iothread->ctx, true)>> +>> +        if (atomic_read(&iothread->worker_context)) {>> +            g_main_context_push_thread_default(iothread->worker_context)>> +            iothread->main_loop =>> +                g_main_loop_new(iothread->worker_context, TRUE)>> +            g_main_loop_run(iothread->main_loop)>> +>> +            g_main_loop_unref(iothread->main_loop)>> +            iothread->main_loop = NULL>
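
Review bot: at the end of the added block, g_main_loop_unref(iothread->main_loop) runs before iothread->main_loop = NULL, so between the two statements the field still holds a pointer whose reference this thread has already dropped. Copy the loop into a local variable, store NULL to iothread->main_loop, and only then unref the local copy. The stores to main_loop are also plain assignments, while worker_context is read with atomic_read() at the top of the block; if another thread reads main_loop, those writes should be atomic as well.
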
> 
> > You should clear iothread->main_loop first before calling g_main_loop_unref(),
> > to avoid TOCTOU race with iothread_stop():
> 
> >   iothread_run (in IOThread)          iothread_stop (in main thread)
> >  ========================================================================
> >                                       if (atomic_read(&iothread->main_loop)) {
> >   /* frees iothread->main_loop */
> >   g_main_loop_unref(...)
> >                                           /* Accesses freed memory */
> >                                           g_main_loop_quit(iothread->main_loop)
> >                                       }
> >   iothread->main_loop = NULL
> 
> When the g_main_loop_quit function is called, the g_main_loop_run function can exit?
> 
> iothread_run (in IOThread)                iothread_stop (in main thread)
> ========================================================================
>                                           /* step1: set loop->is_running = FALSE */
>                                           g_main_loop_quit(iothread->main_loop)
> /* step2: main loop exit */
> g_main_loop_run()
> /* step3: frees iothread->main_loop memory */
> g_main_loop_unref(...)
> iothread->main_loop = NULL
> 
> I think it's ok, I don't know whether I understand it correctly or not?

Your sequence is ok. But remember this is multi-threaded and the execution order
between two threads is non-deterministic. The sequence I pointed out is also
"possible" and will cause a use-after-free due to a TOCTOU race condition [1].

[1]: https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use

Fam
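
The scheduling argument in this message can be checked mechanically. The following is an added example, not code from the patch or from QEMU: a single-threaded toy model (all names are constructed for illustration) that enumerates every schedule of the two IOThread statements against the three steps of the iothread_stop() check, for the patch's ordering and for the clear-first ordering. It assumes, as in the quoted diagram, that iothread_stop() reads iothread->main_loop once for the check and once more for the g_main_loop_quit() argument.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model: 'field_set' stands for iothread->main_loop != NULL,
 * 'freed' for the loop's last reference having been dropped. */
typedef struct { bool field_set, freed, checked, arg_set, uaf; } state_t;

enum order { UNREF_THEN_CLEAR, CLEAR_THEN_UNREF };

/* IOThread side, step i (0 or 1), after g_main_loop_run() has returned. */
static void iothread_step(state_t *s, enum order o, int i) {
    bool do_unref = (o == UNREF_THEN_CLEAR) ? (i == 0) : (i == 1);
    if (do_unref) s->freed = true;       /* g_main_loop_unref() */
    else          s->field_set = false;  /* iothread->main_loop = NULL */
}

/* Main-thread side, step i (0..2): check, load the argument, call quit. */
static void stop_step(state_t *s, int i) {
    if (i == 0)      s->checked = s->field_set;               /* the if () test */
    else if (i == 1) s->arg_set = s->checked && s->field_set; /* second read */
    else if (s->arg_set && s->freed) s->uaf = true;           /* quit() on freed loop */
}

/* Run one schedule: bit k of 'mask' set means slot k belongs to the IOThread. */
static bool interleaving_hits_uaf(enum order o, unsigned mask) {
    state_t s = { .field_set = true };
    int a = 0, b = 0;
    for (int slot = 0; slot < 5; slot++) {
        if ((mask >> slot) & 1) iothread_step(&s, o, a++);
        else                    stop_step(&s, b++);
    }
    return s.uaf;
}

/* Count the schedules (out of 10) in which quit() touches a freed loop. */
static int count_uaf(enum order o) {
    int hits = 0;
    for (int p = 0; p < 5; p++)
        for (int q = p + 1; q < 5; q++)
            hits += interleaving_hits_uaf(o, (1u << p) | (1u << q));
    return hits;
}

int main(void) {
    printf("unref then clear: %d/10 schedules\n", count_uaf(UNREF_THEN_CLEAR));
    printf("clear then unref: %d/10 schedules\n", count_uaf(CLEAR_THEN_UNREF));
    return 0;
}
```

In this model the patch's ordering reaches the freed loop in 6 of the 10 schedules and the clear-first ordering in 1, the schedule where the stop side has already loaded the pointer before it is cleared. Closing that last window requires the check and the use to happen as one step with respect to the clear, for example under a lock shared by both threads.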
