From: Stefan Hajnoczi <stefanha@gmail.com>
To: "Sinha, Ani" <Ani.Sinha@tellabs.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] virtqueue corruption in emulation mode?
Date: Tue, 27 Sep 2011 08:17:10 +0100
Message-ID: <20110927071710.GB8740@stefanha-thinkpad.localdomain>
In-Reply-To: <6933F59A-DA47-4F49-8F6B-BD968619A790@tellabs.com>
On Mon, Sep 26, 2011 at 07:16:56PM -0500, Sinha, Ani wrote:
> I am using the virtqueue (virtqueue_pop, virtqueue_push etc.) in the emulated mode (non-KVM mode) from an IO thread (a separate thread different from the main QEMU thread). What I am observing is that the virtqueue memory seems to get corrupt. Either qemu crashes while performing virtqueue_push() (virtqueue_push() -> virtqueue_fill() -> vring_used_idx() -> lduw_phys() -> qemu_get_ram_ptr() -> "bad ram offset") or crashes when the guest accesses bad memory while using the virtqueue. Now this never ever happens when I run QEMU in KVM mode (/dev/kvm present) OR when I use my functions from within the main qemu thread. I am unable to figure out why this is happening. I have looked into my code over and over again and I can't seem to explain this behavior. Can any of you guys give me any inkling?
QEMU is not thread-safe in general. It uses a big lock to protect most
of its internal state.
When you say "an IO thread" it sounds like you spawn a new thread
outside the big lock (qemu_global_mutex). You cannot call the existing
virtqueue functions outside the big lock because they traverse (and
modify!) the memory management data structures.
Please call new threads "helper threads" or something other than "IO
thread" because I/O thread has a specific meaning in QEMU. It's the
event loop thread that executes main_loop_wait() and dispatches fd
handlers when select(2) returns. This will prevent confusion.
If you follow the way that existing virtio devices are implemented there
should be no problem.
Stefan
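The lost-update problem Stefan describes, as an added illustration that is not QEMU code: a toy used ring in the style of virtqueue_fill()/virtqueue_flush(), pushed to by the emulation thread and a helper thread. The names toy_virtqueue_push, big_lock and run_pushes are stand-ins chosen for this example; big_lock plays the role of qemu_global_mutex, and the comments name the real QEMU calls each line corresponds to.

```c
/* Added illustration, not QEMU's own code. big_lock stands in for
 * qemu_global_mutex; toy_virtqueue_push() mimics the read-modify-write
 * that virtqueue_push() performs on the guest-visible used index. */
#include <pthread.h>
#include <stdint.h>
#include <string.h>

#define RING_SIZE 256
#define PUSHES_PER_THREAD 20000   /* 2 threads * 20000 fits in uint16_t */

/* volatile: this models guest RAM, which the compiler must not cache */
static volatile uint16_t used_ring[RING_SIZE];  /* used->ring[] (toy) */
static volatile uint16_t used_idx;              /* used->idx, device-written */
static pthread_mutex_t big_lock = PTHREAD_MUTEX_INITIALIZER;
static int use_big_lock;

/* Like virtqueue_fill() + virtqueue_flush(): read the index, store the
 * element, bump the index. Two threads doing this unserialised lose
 * updates, which is why the real functions require the big lock. */
static void toy_virtqueue_push(uint16_t elem)
{
    uint16_t idx = used_idx;               /* lduw_phys(used->idx)        */
    used_ring[idx % RING_SIZE] = elem;     /* stw_phys(used->ring[idx])   */
    used_idx = (uint16_t)(idx + 1);        /* stw_phys(used->idx, idx+1)  */
}

static void *helper_thread(void *arg)
{
    (void)arg;
    for (int i = 0; i < PUSHES_PER_THREAD; i++) {
        if (use_big_lock)                  /* qemu_mutex_lock_iothread()  */
            pthread_mutex_lock(&big_lock);
        toy_virtqueue_push((uint16_t)i);
        if (use_big_lock)                  /* qemu_mutex_unlock_iothread() */
            pthread_mutex_unlock(&big_lock);
    }
    return NULL;
}

/* Runs the "emulation" thread and one helper thread concurrently and
 * returns the final used index. Under the lock it is always exactly
 * 2 * PUSHES_PER_THREAD; without it, lost updates leave it short and
 * ring slots get overwritten, the corruption seen in the thread above. */
uint16_t run_pushes(int locked)
{
    pthread_t t;
    use_big_lock = locked;
    used_idx = 0;
    memset((void *)used_ring, 0, sizeof used_ring);
    pthread_create(&t, NULL, helper_thread, NULL);
    helper_thread(NULL);                   /* the emulation thread's pushes */
    pthread_join(t, NULL);
    return used_idx;
}
```

Compare run_pushes(1) against run_pushes(0) on a multi-core host: only the locked run is guaranteed to reach 40000.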