From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Fabiano Rosas <farosas@suse.de>
Cc: qemu-devel@nongnu.org, marcandre.lureau@redhat.com, pbonzini@redhat.com
Subject: Re: [PATCH 2/4] chardev: Don't attempt to unregister yank function more than once
Date: Mon, 19 May 2025 11:52:12 +0100 [thread overview]
Message-ID: <aCsNXIpN5CVCG70S@redhat.com> (raw)
In-Reply-To: <20250515222014.4161-3-farosas@suse.de>
On Thu, May 15, 2025 at 07:20:12PM -0300, Fabiano Rosas wrote:
> tcp_chr_free_connection() can be called multiple times in succession,
> in which case the yank function will get as argument a NULL s->sioc
> that has been cleared by the previous tcp_chr_free_connection() call.
>
> This leads to an abort() at yank_unregister_function().
>
> #0 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1 __GI_abort () at abort.c:79
> #2 qtest_check_status (s=0x513000005600) at ../tests/qtest/libqtest.c:209
> #3 qtest_wait_qemu (s=0x513000005600) at ../tests/qtest/libqtest.c:273
> #4 qtest_kill_qemu (s=0x513000005600) at ../tests/qtest/libqtest.c:285
> #5 kill_qemu_hook_func (s=0x513000005600) at ../tests/qtest/libqtest.c:294
> #6 g_hook_list_invoke (hook_list=0x55ea9cc750c0 <abrt_hooks>, may_recurse=0) at ../glib/ghook.c:534
> #7 sigabrt_handler (signo=6) at ../tests/qtest/libqtest.c:299
> #8 <signal handler called>
> #9 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #10 __GI_abort () at abort.c:79
> #11 yank_unregister_function (instance=0x7fb26f2ea9a0,
> func=0x55ea9bcc0a10 <char_socket_yank_iochannel>, opaque=0x0) at
> ../util/yank.c:151
> #12 tcp_chr_free_connection (chr=0x51300000ffc0) at ../chardev/char-socket.c:385
> #13 tcp_chr_disconnect_locked (chr=0x51300000ffc0) at ../chardev/char-socket.c:477
> #14 tcp_chr_disconnect (chr=0x51300000ffc0) at ../chardev/char-socket.c:495
> #15 tcp_chr_hup (channel=0x514000000040, cond=G_IO_HUP, opaque=0x51300000ffc0) at ../chardev/char-socket.c:536
> #16 qio_channel_fd_source_dispatch (source=0x50c0000b5fc0, callback=0x55ea9bcd6770 <tcp_chr_hup>,
> user_data=0x51300000ffc0) at ../io/channel-watch.c:84
> #17 g_main_dispatch (context=0x50f000000040) at ../glib/gmain.c:3381
> #18 g_main_context_dispatch (context=context@entry=0x50f000000040) at ../glib/gmain.c:4099
> #19 g_main_context_iterate (context=0x50f000000040, block=block@entry=1, dispatch=dispatch@entry=1,
> self=<optimized out>) at ../glib/gmain.c:4175
> #20 g_main_loop_run (loop=0x502000055690) at ../glib/gmain.c:4373
>
> Commit ebae6477dc ("chardev: check if the chardev is registered for
> yanking") seems to have encountered a similar issue, but checking
> s->registered_yank is not a complete solution because that flag
> pertains to the yank instance, not to each individual function.
>
> Skip the yank_unregister_function() in case s->sioc is already NULL,
> which indicates the last yank function was already removed.
>
> Signed-off-by: Fabiano Rosas <farosas@suse.de>
> ---
> Can tcp_chr_free_connection() race with itself? I'm assuming no.
>
> Could we just make yank_unregister_instance() remove all yank
> functions at once? Those asserts/abort in the yank code are a bit
> masochistic.
> ---
> chardev/char-socket.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2025-05-19 10:52 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-15 22:20 [PATCH 0/4] chardev: Fix issues found by vhost-user-test Fabiano Rosas
2025-05-15 22:20 ` [PATCH 1/4] chardev: Fix QIOChannel refcount Fabiano Rosas
2025-05-19 10:49 ` Daniel P. Berrangé
2025-05-15 22:20 ` [PATCH 2/4] chardev: Don't attempt to unregister yank function more than once Fabiano Rosas
2025-05-19 10:52 ` Daniel P. Berrangé [this message]
2025-05-15 22:20 ` [PATCH 3/4] chardev: Consolidate yank registration Fabiano Rosas
2025-05-19 10:53 ` Daniel P. Berrangé
2025-05-15 22:20 ` [PATCH 4/4] chardev: Introduce a lock for hup_source Fabiano Rosas
2025-05-19 11:00 ` Daniel P. Berrangé
2025-05-19 14:21 ` Fabiano Rosas
2026-02-28 15:16 ` Peter Maydell
2026-03-04 10:34 ` Daniel P. Berrangé
2026-03-06 13:57 ` Peter Maydell
2026-03-06 14:49 ` Daniel P. Berrangé
2026-03-06 14:55 ` Peter Maydell
2025-05-24 17:50 ` [PATCH 0/4] chardev: Fix issues found by vhost-user-test Marc-André Lureau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aCsNXIpN5CVCG70S@redhat.com \
--to=berrange@redhat.com \
--cc=farosas@suse.de \
--cc=marcandre.lureau@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.