From mboxrd@z Thu Jan  1 00:00:00 1970
From: Juan Quintela <quintela@redhat.com>
Subject: Re: [PATCH 05/18] vl.c: add deleted flag for deleting the handler.
Date: Wed, 23 Feb 2011 23:04:44 +0100
Message-ID: <m3zkpm2yrn.fsf@trasno.org>
References: <1298468927-19193-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
	<1298468927-19193-6-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
Reply-To: quintela@redhat.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org, qemu-devel@nongnu.org, kwolf@redhat.com,
	aliguori@us.ibm.com, mtosatti@redhat.com, ananth@in.ibm.com,
	mst@redhat.com, dlaor@redhat.com, vatsa@linux.vnet.ibm.com,
	blauwirbel@gmail.com, ohmura.kei@lab.ntt.co.jp, avi@redhat.com,
	pbonzini@redhat.com, psuriset@linux.vnet.ibm.com,
	stefanha@linux.vnet.ibm.com
To: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:1025 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753546Ab1BWWJZ (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 23 Feb 2011 17:09:25 -0500
In-Reply-To: <1298468927-19193-6-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
	(Yoshiaki Tamura's message of "Wed, 23 Feb 2011 22:48:34 +0900")
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp> wrote:
> Make deleting handlers robust against deletion of any elements in a
> handler by using a deleted flag like in file descriptors.
>
> Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
> ---
>  vl.c |   13 +++++++++----
>  1 files changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/vl.c b/vl.c
> index b436952..4e263c3 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1158,6 +1158,7 @@ static void nographic_update(void *opaque)
>  struct vm_change_state_entry {
>      VMChangeStateHandler *cb;
>      void *opaque;
> +    int deleted;
>      QLIST_ENTRY (vm_change_state_entry) entries;
>  };
>  
> @@ -1178,8 +1179,7 @@ VMChangeStateEntry *qemu_add_vm_change_state_handler(VMChangeStateHandler *cb,
>  
>  void qemu_del_vm_change_state_handler(VMChangeStateEntry *e)
>  {
> -    QLIST_REMOVE (e, entries);
> -    qemu_free (e);
> +    e->deleted = 1;
>  }
>  
>  void vm_state_notify(int running, int reason)
> @@ -1188,8 +1188,13 @@ void vm_state_notify(int running, int reason)
>  
>      trace_vm_state_notify(running, reason);
>  
> -    for (e = vm_change_state_head.lh_first; e; e = e->entries.le_next) {
> -        e->cb(e->opaque, running, reason);

this needs to become:

> +    QLIST_FOREACH(e, &vm_change_state_head, entries) {
> +        if (e->deleted) {
> +            QLIST_REMOVE(e, entries);
> +            qemu_free(e);
> +        } else {
> +            e->cb(e->opaque, running, reason);
> +        }

   VMChangeState_entry *next;

   QLIST_FOREACH_SAFE(e, &vm_change_state_head, entries, next) {
      .....

  Otherwise you are accessing "e" after qemu_free and being put out of
  the list.

Later, Juan.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=38262 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PsNOo-0002SP-8H
	for qemu-devel@nongnu.org; Wed, 23 Feb 2011 17:41:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <quintela@redhat.com>) id 1PsMsO-0000Bz-A9
	for qemu-devel@nongnu.org; Wed, 23 Feb 2011 17:08:05 -0500
Received: from mx1.redhat.com ([209.132.183.28]:59259)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <quintela@redhat.com>) id 1PsMsN-0000Bp-SG
	for qemu-devel@nongnu.org; Wed, 23 Feb 2011 17:08:04 -0500
From: Juan Quintela <quintela@redhat.com>
In-Reply-To: <1298468927-19193-6-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
	(Yoshiaki Tamura's message of "Wed, 23 Feb 2011 22:48:34 +0900")
References: <1298468927-19193-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
	<1298468927-19193-6-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
Date: Wed, 23 Feb 2011 23:04:44 +0100
Message-ID: <m3zkpm2yrn.fsf@trasno.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [Qemu-devel] Re: [PATCH 05/18] vl.c: add deleted flag for deleting
	the handler.
Reply-To: quintela@redhat.com
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Cc: kwolf@redhat.com, aliguori@us.ibm.com, dlaor@redhat.com, ananth@in.ibm.com, kvm@vger.kernel.org, mst@redhat.com, mtosatti@redhat.com, qemu-devel@nongnu.org, vatsa@linux.vnet.ibm.com, blauwirbel@gmail.com, ohmura.kei@lab.ntt.co.jp, avi@redhat.com, pbonzini@redhat.com, psuriset@linux.vnet.ibm.com, stefanha@linux.vnet.ibm.com

Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp> wrote:
> Make deleting handlers robust against deletion of any elements in a
> handler by using a deleted flag like in file descriptors.
>
> Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
> ---
>  vl.c |   13 +++++++++----
>  1 files changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/vl.c b/vl.c
> index b436952..4e263c3 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1158,6 +1158,7 @@ static void nographic_update(void *opaque)
>  struct vm_change_state_entry {
>      VMChangeStateHandler *cb;
>      void *opaque;
> +    int deleted;
>      QLIST_ENTRY (vm_change_state_entry) entries;
>  };
>  
> @@ -1178,8 +1179,7 @@ VMChangeStateEntry *qemu_add_vm_change_state_handler(VMChangeStateHandler *cb,
>  
>  void qemu_del_vm_change_state_handler(VMChangeStateEntry *e)
>  {
> -    QLIST_REMOVE (e, entries);
> -    qemu_free (e);
> +    e->deleted = 1;
>  }
>  
>  void vm_state_notify(int running, int reason)
> @@ -1188,8 +1188,13 @@ void vm_state_notify(int running, int reason)
>  
>      trace_vm_state_notify(running, reason);
>  
> -    for (e = vm_change_state_head.lh_first; e; e = e->entries.le_next) {
> -        e->cb(e->opaque, running, reason);

this needs to become:

> +    QLIST_FOREACH(e, &vm_change_state_head, entries) {
> +        if (e->deleted) {
> +            QLIST_REMOVE(e, entries);
> +            qemu_free(e);
> +        } else {
> +            e->cb(e->opaque, running, reason);
> +        }

   VMChangeState_entry *next;

   QLIST_FOREACH_SAFE(e, &vm_change_state_head, entries, next) {
      .....

  Otherwise you are accessing "e" after qemu_free and being put out of
  the list.

Later, Juan.