From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B1481C2D0CD for ; Mon, 19 May 2025 14:22:53 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uH1NN-0006jT-Ew; Mon, 19 May 2025 10:21:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uH1NM-0006j7-2e for qemu-devel@nongnu.org; Mon, 19 May 2025 10:21:56 -0400 Received: from smtp-out2.suse.de ([195.135.223.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uH1NH-0005Ia-Do for qemu-devel@nongnu.org; Mon, 19 May 2025 10:21:55 -0400 Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 2ED5D1F791; Mon, 19 May 2025 14:21:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1747664509; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X9XyWh9GR8Ub9HxrjElojebt9fSY3GbwN+hXRzanPJI=; b=ARLSqnIlGORrGlKJZedEzs7Ss/oLaFapClPqHuIep9PNt1NAHCxDPQUmiwDcLsEKv+rmpX Q96QzvLT7H67l/+PfIXwr/F2QWV2Un9+1KKcN/gbZ4C5h5BsNqzud4FcitkaJDLOL4M2/7 qcMcBdg81t8NOBU3g5fIQys1ttdAIAk= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1747664509; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X9XyWh9GR8Ub9HxrjElojebt9fSY3GbwN+hXRzanPJI=; b=BU1ti8nip+AtxuseccKlVswffAbySnNx82CtCzw3+4EEEGjM+j/dCdCvzmA+NlTd2wZ/uW J8JCsCsNpEqOkACg== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1747664508; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X9XyWh9GR8Ub9HxrjElojebt9fSY3GbwN+hXRzanPJI=; b=wAkJCTf5KkhOVWq1xNlcTB/zWRZu5zkyovA4SpLxsHnKyHIlxKOSml3klZEqpak8Q/LjYY lYTsDtZiI4X6vxu2nIpB697rNk6+9NtoTsJx9Ix/E0wQveomhZ78KzvbjJ1OkvALCWTQKx 8c7U3e8w64s6Xtsa3NYssMSQKKXxhGM= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1747664508; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X9XyWh9GR8Ub9HxrjElojebt9fSY3GbwN+hXRzanPJI=; b=or3Y34QQcNEAmobWYjGDs9v5kmd9x7D4lZEQjGijEsIk1O1lu1gL1CDFUUqOtUvgW+hi32 +Vis4TpXrf9fVLBg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 96EF213A30; Mon, 19 May 2025 14:21:47 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id OubEFHs+K2i/NgAAD6G6ig (envelope-from ); Mon, 19 May 2025 14:21:47 +0000 From: Fabiano Rosas To: =?utf-8?Q?Daniel_P=2E_Berrang=C3=A9?= Cc: qemu-devel@nongnu.org, marcandre.lureau@redhat.com, pbonzini@redhat.com Subject: Re: [PATCH 4/4] chardev: Introduce a lock for hup_source In-Reply-To: References: <20250515222014.4161-1-farosas@suse.de> <20250515222014.4161-5-farosas@suse.de> Date: Mon, 19 May 2025 11:21:44 -0300 Message-ID: <87wmac7kav.fsf@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-1.30 / 50.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; MISSING_XM_UA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; RCVD_COUNT_TWO(0.00)[2]; FUZZY_BLOCKED(0.00)[rspamd.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email,suse.de:mid] Received-SPF: pass client-ip=195.135.223.131; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Daniel P. Berrang=C3=A9 writes: > On Thu, May 15, 2025 at 07:20:14PM -0300, Fabiano Rosas wrote: >> It's possible for the hup_source to have its reference decremented by >> remove_hup_source() while it's still being added to the context, >> leading to asserts in glib: > > IIUC this must mean that > > tcp_chr_free_connection > > is being called concurrently with > > update_ioc_handlers > > I'm wondering if that is really intended, or a sign of a deeper > bug that we'll just paper over if we add the mutex proposed here. > Yeah... I can't tell, I'm new to this code. But I agree that this smells of a bug somewhere else. > Are you able to provide stack traces showing the 2 concurrent > operations that are triggering this problem ? > I wasn't able to, it triggers in the glib subprocess which is a pain to debug. I'll give it another try now that there's fixes for the other bugs. >>=20 >> g_source_set_callback_indirect: assertion 'g_atomic_int_get >> (&source->ref_count) > 0' >>=20 >> g_source_attach: assertion 'g_atomic_int_get (&source->ref_count) > 0' >> failed >>=20 >> Add a lock to serialize removal and creation. >>=20 >> Signed-off-by: Fabiano Rosas >> --- >> chardev/char-socket.c | 4 ++++ >> chardev/char.c | 2 ++ >> include/chardev/char.h | 1 + >> 3 files changed, 7 insertions(+) >>=20 >> diff --git a/chardev/char-socket.c b/chardev/char-socket.c >> index d16608f1ed..88db9acd0d 100644 >> --- a/chardev/char-socket.c >> +++ b/chardev/char-socket.c >> @@ -374,7 +374,9 @@ static void tcp_chr_free_connection(Chardev *chr) >> s->read_msgfds_num =3D 0; >> } >>=20=20 >> + qemu_mutex_lock(&chr->hup_source_lock); >> remove_hup_source(s); >> + qemu_mutex_unlock(&chr->hup_source_lock); >>=20=20 >> tcp_set_msgfds(chr, NULL, 0); >> remove_fd_in_watch(chr); >> @@ -613,6 +615,7 @@ static void update_ioc_handlers(SocketChardev *s) >> tcp_chr_read, chr, >> chr->gcontext); >>=20=20 >> + qemu_mutex_lock(&chr->hup_source_lock); >> remove_hup_source(s); >> s->hup_source =3D qio_channel_create_watch(s->ioc, G_IO_HUP); >> /* >> @@ -634,6 +637,7 @@ static void update_ioc_handlers(SocketChardev *s) >> g_source_set_callback(s->hup_source, (GSourceFunc)tcp_chr_hup, >> chr, NULL); >> g_source_attach(s->hup_source, chr->gcontext); >> + qemu_mutex_unlock(&chr->hup_source_lock); >> } >>=20=20 >> static void tcp_chr_connect(void *opaque) >> diff --git a/chardev/char.c b/chardev/char.c >> index bbebd246c3..d03f698b38 100644 >> --- a/chardev/char.c >> +++ b/chardev/char.c >> @@ -279,6 +279,7 @@ static void char_init(Object *obj) >> chr->handover_yank_instance =3D false; >> chr->logfd =3D -1; >> qemu_mutex_init(&chr->chr_write_lock); >> + qemu_mutex_init(&chr->hup_source_lock); >>=20=20 >> /* >> * Assume if chr_update_read_handler is implemented it will >> @@ -316,6 +317,7 @@ static void char_finalize(Object *obj) >> close(chr->logfd); >> } >> qemu_mutex_destroy(&chr->chr_write_lock); >> + qemu_mutex_destroy(&chr->hup_source_lock); >> } >>=20=20 >> static const TypeInfo char_type_info =3D { >> diff --git a/include/chardev/char.h b/include/chardev/char.h >> index 429852f8d9..064184153d 100644 >> --- a/include/chardev/char.h >> +++ b/include/chardev/char.h >> @@ -60,6 +60,7 @@ struct Chardev { >> Object parent_obj; >>=20=20 >> QemuMutex chr_write_lock; >> + QemuMutex hup_source_lock; >> CharBackend *be; >> char *label; >> char *filename; >> --=20 >> 2.35.3 >>=20 > > With regards, > Daniel