[Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault
@ 2015-02-27 19:05 Paolo Bonzini
  2015-02-27 19:05 ` [Qemu-devel] [PATCH 1/2] cpus: fix deadlock and segfault in qemu_mutex_lock_iothread Paolo Bonzini
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Paolo Bonzini @ 2015-02-27 19:05 UTC (permalink / raw)
  To: qemu-devel; +Cc: leon.alrae, gson

Reported by Leon Alrae on the mailing list, and by
Andreas Gustafsson as Launchpad bug 1426472.

Paolo Bonzini (2):
  cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
  cpus: be more paranoid in avoiding deadlocks

 cpus.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

-- 
2.3.0

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Qemu-devel] [PATCH 1/2] cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
  2015-02-27 19:05 [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Paolo Bonzini
@ 2015-02-27 19:05 ` Paolo Bonzini
  2015-02-27 19:05 ` [Qemu-devel] [PATCH 2/2] cpus: be more paranoid in avoiding deadlocks Paolo Bonzini
  2015-03-02  9:45 ` [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Leon Alrae
  2 siblings, 0 replies; 4+ messages in thread
From: Paolo Bonzini @ 2015-02-27 19:05 UTC (permalink / raw)
  To: qemu-devel; +Cc: leon.alrae, gson

When two threads (other than the low-priority TCG VCPU thread)
are competing for the iothread lock, a deadlock can happen.  This
is because iothread_requesting_mutex is set to false by the first
thread that gets the mutex, and then the VCPU thread might never
yield from the execution loop.  If iothread_requesting_mutex is
changed from a bool to a counter, the deadlock is fixed.

However, there is another bug in qemu_mutex_lock_iothread that
can be triggered by the new call_rcu thread.  The bug happens
if qemu_mutex_lock_iothread is called before the CPUs are
created.  In that case, first_cpu is NULL and the caller
segfaults in qemu_mutex_lock_iothread.  To fix this, just
do not do the kick if first_cpu is NULL.

Reported-by: Leon Alrae <leon.alrae@imgtec.com>
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 cpus.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cpus.c b/cpus.c
index 1cd9867..83c078e 100644
--- a/cpus.c
+++ b/cpus.c
@@ -778,7 +778,7 @@ static void qemu_tcg_init_cpu_signals(void)
 
 static QemuMutex qemu_global_mutex;
 static QemuCond qemu_io_proceeded_cond;
-static bool iothread_requesting_mutex;
+static unsigned iothread_requesting_mutex;
 
 static QemuThread io_thread;
 
@@ -1115,15 +1115,15 @@ bool qemu_in_vcpu_thread(void)
 
 void qemu_mutex_lock_iothread(void)
 {
-    if (!tcg_enabled()) {
+    if (!tcg_enabled() || !first_cpu) {
         qemu_mutex_lock(&qemu_global_mutex);
     } else {
-        iothread_requesting_mutex = true;
+        atomic_inc(&iothread_requesting_mutex);
         if (qemu_mutex_trylock(&qemu_global_mutex)) {
             qemu_cpu_kick_thread(first_cpu);
             qemu_mutex_lock(&qemu_global_mutex);
         }
-        iothread_requesting_mutex = false;
+        atomic_dec(&iothread_requesting_mutex);
         qemu_cond_broadcast(&qemu_io_proceeded_cond);
     }
 }
-- 
2.3.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Qemu-devel] [PATCH 2/2] cpus: be more paranoid in avoiding deadlocks
  2015-02-27 19:05 [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Paolo Bonzini
  2015-02-27 19:05 ` [Qemu-devel] [PATCH 1/2] cpus: fix deadlock and segfault in qemu_mutex_lock_iothread Paolo Bonzini
@ 2015-02-27 19:05 ` Paolo Bonzini
  2015-03-02  9:45 ` [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Leon Alrae
  2 siblings, 0 replies; 4+ messages in thread
From: Paolo Bonzini @ 2015-02-27 19:05 UTC (permalink / raw)
  To: qemu-devel; +Cc: leon.alrae, gson

For good measure, ensure that the following sequence:

   thread 1 calls qemu_mutex_lock_iothread
   thread 2 calls qemu_mutex_lock_iothread
   VCPU thread are created
   VCPU thread enters execution loop

results in the VCPU threads letting the other two threads run
and obeying iothread_requesting_mutex even if the VCPUs are
not halted.  To do this, check iothread_requesting_mutex
before execution starts.

I could not reproduce this problem; it was only found by
inspection.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 cpus.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cpus.c b/cpus.c
index 83c078e..0fac143 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1025,6 +1025,9 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
         }
     }
 
+    /* process any pending work */
+    exit_request = 1;
+
     while (1) {
         tcg_exec_all();
 
@@ -1115,10 +1118,11 @@ bool qemu_in_vcpu_thread(void)
 
 void qemu_mutex_lock_iothread(void)
 {
+    atomic_inc(&iothread_requesting_mutex);
     if (!tcg_enabled() || !first_cpu) {
         qemu_mutex_lock(&qemu_global_mutex);
+        atomic_dec(&iothread_requesting_mutex);
     } else {
-        atomic_inc(&iothread_requesting_mutex);
         if (qemu_mutex_trylock(&qemu_global_mutex)) {
             qemu_cpu_kick_thread(first_cpu);
             qemu_mutex_lock(&qemu_global_mutex);
-- 
2.3.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault
  2015-02-27 19:05 [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Paolo Bonzini
  2015-02-27 19:05 ` [Qemu-devel] [PATCH 1/2] cpus: fix deadlock and segfault in qemu_mutex_lock_iothread Paolo Bonzini
  2015-02-27 19:05 ` [Qemu-devel] [PATCH 2/2] cpus: be more paranoid in avoiding deadlocks Paolo Bonzini
@ 2015-03-02  9:45 ` Leon Alrae
  2 siblings, 0 replies; 4+ messages in thread
From: Leon Alrae @ 2015-03-02  9:45 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-devel; +Cc: gson

On 27/02/2015 19:05, Paolo Bonzini wrote:
> Reported by Leon Alrae on the mailing list, and by
> Andreas Gustafsson as Launchpad bug 1426472.
> 
> Paolo Bonzini (2):
>   cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
>   cpus: be more paranoid in avoiding deadlocks

I don't know this part well enough to put Rev-by, but these fixes work
for me:

Tested-by: Leon Alrae <leon.alrae@imgtec.com>

Thanks,
Leon

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-03-02  9:45 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-27 19:05 [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Paolo Bonzini
2015-02-27 19:05 ` [Qemu-devel] [PATCH 1/2] cpus: fix deadlock and segfault in qemu_mutex_lock_iothread Paolo Bonzini
2015-02-27 19:05 ` [Qemu-devel] [PATCH 2/2] cpus: be more paranoid in avoiding deadlocks Paolo Bonzini
2015-03-02  9:45 ` [Qemu-devel] [PATCH 0/2] cpus: fix deadlock and segfault Leon Alrae

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.