From: Jan Kiszka <jan.kiszka@web.de>
To: Corentin Chary <corentin.chary@gmail.com>
Cc: Peter Lieven <pl@dlh.net>, qemu-devel <qemu-devel@nongnu.org>,
kvm@vger.kernel.org
Subject: Re: [Qemu-devel] Re: segmentation fault in qemu-kvm-0.14.0
Date: Wed, 09 Mar 2011 10:58:44 +0100 [thread overview]
Message-ID: <4D774F54.2050004@web.de> (raw)
In-Reply-To: <AANLkTim9rECCG+kA6=5BE1sZ_b7fN=vRGM+M8hbMiNy8@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2349 bytes --]
On 2011-03-09 10:54, Corentin Chary wrote:
> Re-reading:
>
>>> So we are calling a IOHandlerRecord::fd_write handler that is NULL.
>>> Looking at qemu_set_fd_handler2, this may happen if that function is
>>> called for an existing io-handler entry with non-NULL write handler,
>>> passing a NULL write and a non-NULL read handler. And all this without
>>> the global mutex held.
>
> When using the vnc thread, nothing in the vnc thread will never be
> called directly by an IO-handler. So I don't really how in would
> trigger this.
> And since there is a lock for accessing the output buffer (and the
> network actually), there should not be any race condition either.
>
> So the real issue, is that qemu_set_fd_handler2() is called outside of
> the main thread by those two vnc_write() and vnc_flush() calls,
> without any kind of locking.
Yes, that's what I was referring to.
>
>> In upstream qemu, the latter - if it exists (which is not the case in
>> non-io-thread mode).
>> In qemu-kvm, those locks are yet unused. Rather the code in qemu-kvm.c
>> implements the global lock.
>
> So there is currently no lock for that when io-thread is disabled :/.
> Spice also seems to project this kind of thing with
> qemu_mutex_lock_iothread().
>
> Maybe qemu_mutex_lock_iothread() should also be defined when
> CONFIG_VNC_THREAD=y ?
>
>> But I'm also not sure about vnc_send_framebuffer_update. Someone has to
>> go through the threaded vnc code again, very thoroughly. It looks fragile.
>
> while vnc-thread is enabled vnc_send_framebuffer_update() will always
> call vnc_write() with csock = -1 in a temporary buffer. Check
> vnc_async_encoding_start() and vnc_async_encoding_end(), they provide
> a kind of "sandbox" that prevent the thread to write anything the
> main-thread will use. You can also see that as a "transaction": the
> thread compute the update in a temporary buffer, and only send it to
> the network (real vnc_write calls with csock correctly set) once it's
> successfully finished.
>
> The is only two functions calls that break this isolation are the two
> that I pointed out earlier.
Probably the best way is to make vnc stop fiddling with
qemu_set_fd_handler2, specifically in threaded mode. Why does it need to
set/reset the write handler all the time?
Jan
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 259 bytes --]
next prev parent reply other threads:[~2011-03-09 9:58 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-08 22:53 segmentation fault in qemu-kvm-0.14.0 Peter Lieven
2011-03-08 22:53 ` [Qemu-devel] " Peter Lieven
2011-03-09 7:13 ` Corentin Chary
2011-03-09 7:26 ` Stefan Weil
2011-03-09 7:26 ` Stefan Weil
2011-03-09 7:39 ` Michael Tokarev
2011-03-09 7:39 ` Michael Tokarev
2011-03-09 9:22 ` Stefan Weil
2011-03-09 9:22 ` Stefan Weil
2011-03-09 10:00 ` Peter Lieven
2011-03-09 10:00 ` Peter Lieven
2011-03-15 12:53 ` Peter Lieven
2011-03-15 12:53 ` Peter Lieven
2011-03-15 18:52 ` Stefan Weil
2011-03-15 18:52 ` Stefan Weil
2011-03-09 7:37 ` Jan Kiszka
2011-03-09 7:37 ` [Qemu-devel] " Jan Kiszka
2011-03-09 8:50 ` Corentin Chary
2011-03-09 9:04 ` Jan Kiszka
2011-03-09 9:54 ` Corentin Chary
2011-03-09 9:58 ` Jan Kiszka [this message]
2011-03-09 10:02 ` Jan Kiszka
2011-03-09 10:06 ` Corentin Chary
2011-03-09 10:12 ` Jan Kiszka
2011-03-09 10:14 ` Corentin Chary
2011-03-09 10:17 ` Jan Kiszka
2011-03-09 10:41 ` [PATCH] vnc: threaded server depends on io-thread Corentin Chary
2011-03-09 10:41 ` [Qemu-devel] " Corentin Chary
2011-03-09 10:50 ` Peter Lieven
2011-03-09 10:50 ` [Qemu-devel] " Peter Lieven
2011-03-09 10:57 ` Corentin Chary
2011-03-09 10:57 ` [Qemu-devel] " Corentin Chary
2011-03-09 11:05 ` Stefan Hajnoczi
2011-03-09 11:05 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-09 11:25 ` Jan Kiszka
2011-03-09 11:25 ` [Qemu-devel] " Jan Kiszka
2011-03-09 11:32 ` Peter Lieven
2011-03-09 11:32 ` [Qemu-devel] " Peter Lieven
2011-03-09 11:33 ` Jan Kiszka
2011-03-09 11:33 ` [Qemu-devel] " Jan Kiszka
2011-03-09 11:42 ` Jan Kiszka
2011-03-09 11:42 ` [Qemu-devel] " Jan Kiszka
2011-03-09 12:50 ` Peter Lieven
2011-03-09 12:50 ` [Qemu-devel] " Peter Lieven
2011-03-09 13:21 ` [PATCH v2] " Corentin Chary
2011-03-09 13:21 ` [Qemu-devel] " Corentin Chary
2011-03-09 13:42 ` Corentin Chary
2011-03-09 13:42 ` [Qemu-devel] " Corentin Chary
2011-03-09 13:51 ` Paolo Bonzini
2011-03-09 13:51 ` [Qemu-devel] " Paolo Bonzini
2011-03-09 13:59 ` Corentin Chary
2011-03-09 13:59 ` [Qemu-devel] " Corentin Chary
2011-03-10 12:59 ` [PATCH 1/2] sockets: add qemu_socketpair() Corentin Chary
2011-03-10 12:59 ` [Qemu-devel] " Corentin Chary
2011-03-10 12:59 ` [PATCH 2/2] vnc: don't mess up with iohandlers in the vnc thread Corentin Chary
2011-03-10 12:59 ` [Qemu-devel] " Corentin Chary
2011-03-10 13:06 ` Paolo Bonzini
2011-03-10 13:06 ` [Qemu-devel] " Paolo Bonzini
2011-03-10 13:45 ` Anthony Liguori
2011-03-10 13:45 ` [Qemu-devel] " Anthony Liguori
2011-03-10 13:54 ` Corentin Chary
2011-03-10 13:54 ` [Qemu-devel] " Corentin Chary
2011-03-10 13:58 ` Paolo Bonzini
2011-03-10 13:58 ` [Qemu-devel] " Paolo Bonzini
2011-03-10 13:56 ` Paolo Bonzini
2011-03-10 13:56 ` [Qemu-devel] " Paolo Bonzini
2011-03-10 13:47 ` Peter Lieven
2011-03-10 13:47 ` [Qemu-devel] " Peter Lieven
2011-03-10 15:13 ` [PATCH v5] " Corentin Chary
2011-03-10 15:13 ` [Qemu-devel] " Corentin Chary
2011-03-14 9:19 ` Corentin Chary
2011-03-14 9:19 ` [Qemu-devel] " Corentin Chary
2011-03-14 9:55 ` Peter Lieven
2011-03-14 9:55 ` [Qemu-devel] " Peter Lieven
2011-03-15 16:55 ` Peter Lieven
2011-03-15 16:55 ` [Qemu-devel] " Peter Lieven
2011-03-15 18:07 ` Peter Lieven
2011-03-15 18:07 ` [Qemu-devel] " Peter Lieven
2011-03-09 10:02 ` segmentation fault in qemu-kvm-0.14.0 Peter Lieven
2011-03-09 10:02 ` [Qemu-devel] " Peter Lieven
2011-03-09 10:16 ` Peter Lieven
2011-03-09 10:16 ` [Qemu-devel] " Peter Lieven
2011-03-09 10:20 ` Jan Kiszka
2011-03-09 10:20 ` [Qemu-devel] " Jan Kiszka
2011-03-09 10:31 ` Peter Lieven
2011-03-09 10:31 ` [Qemu-devel] " Peter Lieven
2011-03-09 11:20 ` Paolo Bonzini
2011-03-09 11:20 ` [Qemu-devel] " Paolo Bonzini
2011-03-09 11:44 ` Jan Kiszka
2011-03-09 11:44 ` [Qemu-devel] " Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D774F54.2050004@web.de \
--to=jan.kiszka@web.de \
--cc=corentin.chary@gmail.com \
--cc=kvm@vger.kernel.org \
--cc=pl@dlh.net \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.