Date: Wed, 20 May 2009 16:08:35 -0300
From: Marcelo Tosatti
Subject: Re: [Qemu-devel] [PATCH] Fix NULL alarm_timer pointer at exit
Message-ID: <20090520190835.GA28898@amt.cnet>
References: <200905171838.40006.jcd@tribudubois.net>
In-Reply-To: <200905171838.40006.jcd@tribudubois.net>
To: Jean-Christophe Dubois
Cc: qemu-devel@nongnu.org

Hi,

I think the right fix is to block SIGALRM in quit_timers, which is
called from main():

static void quit_timers(void)
{
    alarm_timer->stop(alarm_timer);
    alarm_timer = NULL;
}

On Sun, May 17, 2009 at 06:38:39PM +0200, Jean-Christophe Dubois wrote:
> This fixes a SIGSEGV error on qemu exit.
> 
> Here is the valgrind output related to this error
> 
> ==3648== Process terminating with default action of signal 11 (SIGSEGV)
> ==3648== Access not within mapped region at address 0x8
> ==3648== at 0x40636B: host_alarm_handler (vl.c:1345)
> ==3648== by 0x52D807F: (within /lib/libpthread-2.9.so)
> ==3648== by 0x5C0A12E: tcsetattr (in /lib/libc-2.9.so)
> ==3648== by 0x4DD601: term_exit (qemu-char.c:700)
> ==3648== by 0x5B636EC: exit (in /lib/libc-2.9.so)
> ==3648== by 0x5B4B5AC: (below main) (in /lib/libc-2.9.so)
> 
> This simple fix checks for a valid pointer as host_alarm_handler is
> also called after alarm_timer is released in the exit path.
> 
> Signed-off-by: Jean-Christophe DUBOIS
> 
> --- qemu.org/vl.c 2009-05-16 17:57:27.000000000 +0200
> +++ qemu/vl.c 2009-05-17 17:15:29.000000000 +0200
> @@ -915,7 +915,7 @@
> 
>  static inline int alarm_has_dynticks(struct qemu_alarm_timer *t)
>  {
> -    return t->flags & ALARM_FLAG_DYNTICKS;
> +    return t && (t->flags & ALARM_FLAG_DYNTICKS);
>  }
> 
>  static void qemu_rearm_alarm_timer(struct qemu_alarm_timer *t)
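Review bot: the `t &&` guard added to alarm_has_dynticks only protects this one read of the global; host_alarm_handler reads alarm_timer again for the `flags |= ALARM_FLAG_EXPIRED` store (second hunk), so the patch guards uses one by one instead of addressing the ordering problem the description itself names (the handler running after alarm_timer has been released). Suggest either blocking SIGALRM in quit_timers before `alarm_timer->stop(alarm_timer); alarm_timer = NULL;`, as proposed in the reply above, or reading alarm_timer once into a local at the top of host_alarm_handler and returning early when it is NULL, and dropping this hunk.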
> @@ -1349,7 +1349,7 @@
>          qemu_timer_expired(active_timers[QEMU_TIMER_REALTIME],
>                             qemu_get_clock(rt_clock))) {
>          qemu_event_increment();
> -        alarm_timer->flags |= ALARM_FLAG_EXPIRED;
> +        if (alarm_timer) alarm_timer->flags |= ALARM_FLAG_EXPIRED;
> 
>  #ifndef CONFIG_IOTHREAD
>          if (next_cpu) {
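Review bot: `if (alarm_timer) alarm_timer->flags |= ALARM_FLAG_EXPIRED;` guards a single dereference but lets the rest of the handler continue with no timer, including the `if (next_cpu)` path under `#ifndef CONFIG_IOTHREAD` visible in the context lines; an early return when alarm_timer is NULL at the top of host_alarm_handler would cover every use in one place. Style: QEMU puts the body of an if on its own line inside braces. The description should also state why the handler can still run after alarm_timer->stop() (for example a SIGALRM that was already pending when the timer was disarmed), since that assumption is what these guards rely on, and the valgrind trace (exit -> term_exit -> tcsetattr -> host_alarm_handler) is the evidence that it does happen.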
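The teardown ordering proposed in the reply (block SIGALRM, then stop the timer and clear the global), shown as a stand-alone program. This is an added example, not QEMU's code: the struct, the handler and the function names (alarm_timer_state, start_timers, wait_for_ticks, quit_timers, alarm_after_quit_is_held) are stand-ins I constructed for this illustration, and the handler additionally reads the global once into a local so that a stray delivery can only return early, never dereference NULL.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <time.h>

/* Constructed stand-in for a QEMU-style alarm timer object (hypothetical
 * field set, not QEMU's struct qemu_alarm_timer). */
struct alarm_timer_state {
    const char *name;
    int flags;
    void (*stop)(struct alarm_timer_state *t);
};
#define ALARM_FLAG_EXPIRED 0x1

/* The global shared by the signal handler and the exit path. */
static struct alarm_timer_state * volatile alarm_timer;
static volatile sig_atomic_t handler_runs;
static volatile sig_atomic_t handler_saw_null;

/* Handler reads the global exactly once; a teardown racing it can at worst
 * make it return early. Only async-signal-safe work is done here. */
static void host_alarm_handler(int signum)
{
    struct alarm_timer_state *t = alarm_timer;
    (void)signum;
    handler_runs++;
    if (t == NULL) {
        handler_saw_null++;
        return;
    }
    t->flags |= ALARM_FLAG_EXPIRED;
}

/* Disarm the interval timer. A SIGALRM already generated may still arrive,
 * which is exactly why quit_timers() blocks the signal first. */
static void unix_stop_timer(struct alarm_timer_state *t)
{
    struct itimerval zero;
    (void)t;
    memset(&zero, 0, sizeof zero);
    setitimer(ITIMER_REAL, &zero, NULL);
}

static struct alarm_timer_state unix_timer = { "unix", 0, unix_stop_timer };

/* Install the handler, publish the timer object, arm a 1 ms periodic SIGALRM. */
int start_timers(void)
{
    struct sigaction sa;
    struct itimerval it;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = host_alarm_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0) {
        return -1;
    }
    alarm_timer = &unix_timer;
    it.it_interval.tv_sec = 0;
    it.it_interval.tv_usec = 1000;
    it.it_value = it.it_interval;
    return setitimer(ITIMER_REAL, &it, NULL);
}

/* Sleep until the handler has run at least n times (bounded to about 2 s). */
int wait_for_ticks(int n)
{
    struct timespec ms = { 0, 1000000 };
    int i;
    for (i = 0; i < 2000 && handler_runs < n; i++) {
        nanosleep(&ms, NULL); /* EINTR from the handler just loops again */
    }
    return handler_runs >= n;
}

int timer_expired_flag_set(void)
{
    return (unix_timer.flags & ALARM_FLAG_EXPIRED) != 0;
}

/* Exit-path teardown in the order the reply suggests: block SIGALRM, then
 * stop the timer and clear the global. Once the mask is in place the handler
 * cannot run in this thread, so the NULL store is safe. Returns 0 on success. */
int quit_timers(void)
{
    sigset_t block;
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, NULL) != 0) {
        return -1;
    }
    alarm_timer->stop(alarm_timer);
    alarm_timer = NULL;
    return 0;
}

/* After quit_timers(), a SIGALRM raised by hand stays pending instead of
 * reaching the handler; returns 1 when that is what we observe. */
int alarm_after_quit_is_held(void)
{
    sigset_t pending;
    raise(SIGALRM);
    if (sigpending(&pending) != 0) {
        return 0;
    }
    return sigismember(&pending, SIGALRM) == 1 && handler_saw_null == 0;
}

int main(void)
{
    if (start_timers() != 0 || !wait_for_ticks(3)) {
        puts("timer did not fire");
        return 1;
    }
    quit_timers();
    printf("handler ran %d times; SIGALRM held after quit: %s\n",
           (int)handler_runs, alarm_after_quit_is_held() ? "yes" : "no");
    return 0;
}
```

One caveat for a build with a separate I/O thread: sigprocmask only changes the calling thread's mask, so every thread that can receive SIGALRM needs the same pthread_sigmask call before the global is cleared; the once-only read in the handler is the fallback that keeps a delivery on another thread from dereferencing NULL.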