From: Jan Kiszka <jan.kiszka@siemens.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH] Fix alarm_timer race with select - v3
Date: Wed, 05 Nov 2008 20:04:09 +0100 [thread overview]
Message-ID: <4911EE29.7040300@siemens.com> (raw)
In-Reply-To: <f43fc5580811051035v15514fb7h7eb48b2c74511102@mail.gmail.com>
Blue Swirl wrote:
> On 11/5/08, Jan Kiszka <jan.kiszka@siemens.com> wrote:
>> [ changes: correct nfds initialization, more robust O_NONBLOCK setup ]
>>
>> Changing the default IO timeout to 5 s (#5578) made a race visible
>> between the alarm_timer and select() in main_loop_wait(): If the timer
>> fired before select() was able to block, the full select() timeout could
>> have been applied instead of returning immediately. Since #5578, this
>> causes heavy problems to the Musicpal board emulation with stalls up to
>> 5 s, but also with some older Linux guest kernels.
>>
>> The following patch introduces a pipe that is written to by
>> host_alarm_handler and select()'ed in main_loop_wait(). This avoids
>> prevents that select() blocks though a timer has fired and waits for
>> processing.
>>
>> Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
>
>> @@ -1304,12 +1305,15 @@ static void host_alarm_handler(int host_
>> qemu_get_clock(vm_clock))) ||
>> qemu_timer_expired(active_timers[QEMU_TIMER_REALTIME],
>> qemu_get_clock(rt_clock))) {
>> + CPUState *env = next_cpu;
>> + char byte = 0;
>> +
>> #ifdef _WIN32
>> struct qemu_alarm_win32 *data = ((struct qemu_alarm_timer*)dwUser)->priv;
>> SetEvent(data->host_alarm);
>> #endif
>> - CPUState *env = next_cpu;
>>
>> + write(alarm_timer_wfd, &byte, sizeof(byte));
>
> For the write case, we could save one initialization write access to
> the "byte" for every alarm trigger if it's static const.
>
So shall it be.
-------->
Changing the default IO timeout to 5 s (#5578) made a race visible
between the alarm_timer and select() in main_loop_wait(): If the timer
fired before select was able to block, the full select() timeout could
have been applied instead of returning immediately. Since #5578, this
causes heavy problems to the Musicpal board emulation with stalls up to
5 s, but also with some older Linux guest kernels.
The following patch introduces a pipe that is written to by
host_alarm_handler and select()'ed in main_loop_wait(). This prevents
select() from blocking even though a timer has fired and is waiting to be
processed.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
---
vl.c | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
Index: b/vl.c
===================================================================
--- a/vl.c
+++ b/vl.c
@@ -885,6 +885,7 @@ static void qemu_rearm_alarm_timer(struc
#define MIN_TIMER_REARM_US 250
static struct qemu_alarm_timer *alarm_timer;
+static int alarm_timer_rfd, alarm_timer_wfd;
#ifdef _WIN32
@@ -1304,12 +1305,15 @@ static void host_alarm_handler(int host_
qemu_get_clock(vm_clock))) ||
qemu_timer_expired(active_timers[QEMU_TIMER_REALTIME],
qemu_get_clock(rt_clock))) {
+ CPUState *env = next_cpu;
+ static const char byte = 0;
+
#ifdef _WIN32
struct qemu_alarm_win32 *data = ((struct qemu_alarm_timer*)dwUser)->priv;
SetEvent(data->host_alarm);
#endif
- CPUState *env = next_cpu;
+ write(alarm_timer_wfd, &byte, sizeof(byte));
alarm_timer->flags |= ALARM_FLAG_EXPIRED;
if (env) {
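Review bot: The added `write(alarm_timer_wfd, &byte, sizeof(byte));` can overwrite errno in whatever code the alarm interrupted, assuming host_alarm_handler runs as a signal handler on POSIX hosts (the hunk shows only part of its signature). Saving and restoring it around the call, `int saved_errno = errno;` before and `errno = saved_errno;` after, keeps interrupted code such as the new `errno != EAGAIN` test in main_loop_wait() reliable. The ignored return value deserves a one-line comment, e.g. `/* EAGAIN: a wakeup byte is already queued, nothing to do */`, since a full non-blocking pipe is the expected failure here. The function body starts and ends outside the hunk.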
@@ -1674,6 +1678,20 @@ static void init_timer_alarm(void)
{
struct qemu_alarm_timer *t = NULL;
int i, err = -1;
+ int fds[2];
+
+ if (pipe(fds) < 0) {
+ fail:
+ perror("creating timer pipe");
+ exit(1);
+ }
+ for (i = 0; i < 2; i++) {
+ int flags = fcntl(fds[i], F_GETFL);
+ if (flags == -1 || fcntl(fds[i], F_SETFL, flags | O_NONBLOCK))
+ goto fail;
+ }
+ alarm_timer_rfd = fds[0];
+ alarm_timer_wfd = fds[1];
for (i = 0; alarm_timers[i].name; i++) {
t = &alarm_timers[i];
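Review bot: The new `pipe()` / `fcntl(..., O_NONBLOCK)` block in init_timer_alarm() has no Windows guard, although the other hunks show vl.c carrying `#ifdef _WIN32` code next to alarm_timer and inside host_alarm_handler. Unless the function already sits in a POSIX-only section not visible here, wrap the block in `#ifndef _WIN32` … `#endif`, and likewise the `write()` in host_alarm_handler and the `FD_SET(alarm_timer_rfd, &rfds)` and drain loop in main_loop_wait(). Both descriptors are also created without close-on-exec, so a child process started later (if the program starts any) would inherit them; `fcntl(fds[i], F_SETFD, FD_CLOEXEC)` in the same loop avoids that. The `fail:` label inside the `if (pipe(fds) < 0)` body, reached by `goto` from the loop, is legal but easier to follow as a label placed after the loop. The function continues beyond the hunk.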
@@ -4426,8 +4444,9 @@ void main_loop_wait(int timeout)
/* poll any events */
/* XXX: separate device handlers from system ones */
- nfds = -1;
+ nfds = alarm_timer_rfd;
FD_ZERO(&rfds);
+ FD_SET(alarm_timer_rfd, &rfds);
FD_ZERO(&wfds);
FD_ZERO(&xfds);
for(ioh = first_io_handler; ioh != NULL; ioh = ioh->next) {
@@ -4501,6 +4520,11 @@ void main_loop_wait(int timeout)
qemu_get_clock(rt_clock));
if (alarm_timer->flags & ALARM_FLAG_EXPIRED) {
+ char byte;
+ do {
+ ret = read(alarm_timer_rfd, &byte, sizeof(byte));
+ } while (ret != -1 || errno != EAGAIN);
+
alarm_timer->flags &= ~(ALARM_FLAG_EXPIRED);
qemu_rearm_alarm_timer(alarm_timer);
}
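Review bot: The drain loop `while (ret != -1 || errno != EAGAIN)` terminates only on EAGAIN, so a `read()` that returns 0 or fails with any other persistent error (EBADF, for example) spins forever in main_loop_wait(). Looping only while progress is possible is safer: `} while (ret > 0 || (ret == -1 && errno == EINTR));`. Because the drain runs only when ALARM_FLAG_EXPIRED is set, it also appears that a handler firing between the drain and the flag clear leaves a byte queued, so select() keeps returning immediately until the next expiry; a comment stating whether that is acceptable would help. main_loop_wait() starts and ends outside the hunk.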