From: Paolo Bonzini <pbonzini@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>, Fam Zheng <famz@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-block@nongnu.org, "Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org, tubo@linux.vnet.ibm.com,
Stefan Hajnoczi <stefanha@redhat.com>,
cornelia.huck@de.ibm.com, borntraeger@de.ibm.com
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH 4/4] virtio-blk: Clean up start/stop with mutex and BH
Date: Thu, 17 Mar 2016 16:07:22 +0100
Message-ID: <56EAC82A.50907@redhat.com>
In-Reply-To: <20160317150057.GP14062@stefanha-x1.localdomain>
On 17/03/2016 16:00, Stefan Hajnoczi wrote:
>> > + data = g_new(VirtIOBlockStartData, 1);
>> > + data->vblk = vblk;
>> > + data->bh = aio_bh_new(s->ctx, virtio_blk_data_plane_start_bh_cb, data);
>> > + qemu_bh_schedule(data->bh);
>> > + qemu_mutex_unlock(&s->start_stop_lock);
>> > return;
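Review bot: nothing in this hunk ties the lifetime of the scheduled BH to the device it operates on: `data` carries a raw `vblk` pointer, and `data->bh` is reachable only through `data`, so if the device is unrealized between `qemu_bh_schedule(data->bh)` and the BH running, `virtio_blk_data_plane_start_bh_cb` dereferences freed memory. Either take a reference on `vblk` (`object_ref`) before scheduling and release it with `object_unref` at the end of the callback (which should also delete the BH and free `data`), or record the pending BH in the device state so that unrealize can delete it before the device is freed.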
> This BH usage pattern is dangerous:
>
> 1. The BH is created and scheduled.
> 2. Before the BH executes the device is unrealized.
> 3. The data->bh pointer is inaccessible so we have a dangling BH that
> will access vblk after vblk has been freed.
>
> In some cases it can be safe but I don't see why the pattern is safe in
> this case. Either the BH needs to hold some sort of reference to keep
> vblk alive, or vblk needs to know about pending BHs so they can be
> deleted.
You're right. After unrealizing, virtio_blk_data_plane_stop has set
vblk->dataplane_started = false, so that's covered. However, you still
need an object_ref/object_unref pair.
That said, Christian wasn't testing hotplug/hot-unplug so this shouldn't
matter in his case. Let's see if we can catch the reentrancy with an
assertion...
Paolo
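The scenario Stefan describes (BH scheduled, device unrealized, BH runs) and the fix Paolo asks for (a reference held across the BH), as an added stand-alone model that is not QEMU's code or the patch's: a refcounted device, a FIFO of bottom halves and a start BH that pins the device with a reference. The names `object_ref`, `object_unref`, `qemu_bh_schedule` and `VirtIOBlockStartData` are borrowed from the thread only for readability; the types and helpers here are constructed.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed model (not QEMU code): a refcounted device, a FIFO of bottom
 * halves, and a start BH that holds a reference on the device so that an
 * unrealize racing with the BH cannot free the device first. */
typedef struct { int refcount; bool dataplane_started; } VirtIOBlock;
typedef struct BH { void (*cb)(void *); void *opaque; struct BH *next; } BH;
typedef struct { VirtIOBlock *vblk; } VirtIOBlockStartData;
static BH *bh_head;          /* pending bottom halves, run in FIFO order */
static int objects_freed;    /* how many device objects have been freed */
static int bh_saw_started;   /* how many BHs found dataplane_started set */

static void object_ref(VirtIOBlock *v) { v->refcount++; }
static void object_unref(VirtIOBlock *v) { if (--v->refcount == 0) { free(v); objects_freed++; } }
static void qemu_bh_schedule(void (*cb)(void *), void *opaque) {
    BH *bh = malloc(sizeof *bh), **tail = &bh_head;
    bh->cb = cb; bh->opaque = opaque; bh->next = NULL;
    while (*tail) tail = &(*tail)->next;
    *tail = bh;
}
static void run_pending_bhs(void) {
    while (bh_head) {
        BH *bh = bh_head; bh_head = bh->next; bh->cb(bh->opaque); free(bh);
    }
}
static void start_bh_cb(void *opaque) {
    VirtIOBlockStartData *d = opaque;
    /* Safe to read: the ref taken in dataplane_start keeps d->vblk alive. */
    if (d->vblk->dataplane_started) bh_saw_started++;
    object_unref(d->vblk);   /* drop the BH's reference; may free the device */
    free(d);
}
static void dataplane_start(VirtIOBlock *v) {
    VirtIOBlockStartData *d = malloc(sizeof *d);
    d->vblk = v; v->dataplane_started = true;
    object_ref(v);           /* pairs with the unref in start_bh_cb */
    qemu_bh_schedule(start_bh_cb, d);
}
static void unrealize(VirtIOBlock *v) {
    v->dataplane_started = false;   /* as virtio_blk_data_plane_stop does */
    object_unref(v);                /* drop the device's own reference */
}
/* Stefan's scenario: start, then unrealize before the BH runs. Returns how
 * many devices were freed before the BH executed (0 while the ref is held). */
static int freed_before_bh_runs(void) {
    VirtIOBlock *v = calloc(1, sizeof *v);
    v->refcount = 1; objects_freed = 0; bh_saw_started = 0;
    dataplane_start(v); unrealize(v);
    int early = objects_freed;
    run_pending_bhs();
    return early;
}
```

With the reference held the device is freed only when the BH's unref drops the count to zero, and because unrealize cleared dataplane_started first, the BH sees the flag clear and does nothing, which is the "that's covered" part of the reply.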