From: "Daniel P. Berrange" <berrange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	qemu-devel@nongnu.org, armbru@redhat.com
Subject: Re: [Qemu-devel] chardev's and fd's in monitors
Date: Thu, 20 Oct 2016 09:34:36 +0100	[thread overview]
Message-ID: <20161020083436.GB12145@redhat.com> (raw)
In-Reply-To: <1aa4a32c-3816-1c8d-6722-b54c9f22fe09@redhat.com>

On Wed, Oct 19, 2016 at 10:51:07PM +0200, Paolo Bonzini wrote:
> 
> 
> On 19/10/2016 19:01, Dr. David Alan Gilbert wrote:
> > * Paolo Bonzini (pbonzini@redhat.com) wrote:
> >>
> >>
> >> On 18/10/2016 16:01, Daniel P. Berrange wrote:
> >>>>>
> >>>>> I already use error_report's in places in migration threads of various
> >>>>> types; I'm not sure if that's a problem.
> >>> Unless those places are protected by the big qemu lock, that sounds
> >>> not good. error_report calls into error_vprintf which checks the
> >>> 'cur_mon' global "Monitor" pointer. This variable is updated at
> >>> runtime - eg in qmp_human_monitor_command(), monitor_qmp_read(),
> >>> monitor_read(), etc. So if migration threads outside the BQL are
> >>> calling error_report() that could well cause problems. If you
> >>> are lucky messages will merely end up going to stderr instead of
> >>> the monitor, but in worst case I wouldn't be surprised if there
> >>> is a crash possibility in some race conditions.
> >>
> >> Writes to chardevs *are* thread-safe (assuming qio_channel_create_watch
> >> is thread-safe; it seems to be).
> > 
> > Hmm that's useful (although it doesn't solve error_report because error_vprintf
> > is racy itself).
> 
> How is it racy?  Because of the case where cur_mon changes under the
> feet of error_vprintf?  I guess that can be ignored for now (just a TODO
> comment will do).

Yes, the usage of cur_mon is unsafe as there's a TOCTOU race in
there that I believe can result in a NULL pointer crash.

e.g. these two methods:

static inline bool monitor_is_qmp(const Monitor *mon)
{
    return (mon->flags & MONITOR_USE_CONTROL); /* dereferences whatever pointer it was handed */
}

bool monitor_cur_is_qmp(void)
{
    /* two separate reads of the global: one for the NULL check, one for the dereference */
    return cur_mon && monitor_is_qmp(cur_mon);
}

When using error_vprintf() from a non-main thread without holding
the big QEMU lock, 'cur_mon' can change between the time we
check that it's non-NULL and the time we access cur_mon->flags.

Admittedly it's a rare race - you would have to have an error
being reported by background migration concurrently with a
monitor command being invoked - but that will hit someone
eventually unless I'm missing some synchronization somewhere.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
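As an added illustration, not code from the thread or from QEMU: a small C model of the check-then-use on cur_mon described above. A hypothetical preempt hook stands in for the other thread running between the check and the use; taking one snapshot of the pointer closes that window (the Monitor's lifetime is a separate problem the snapshot does not solve).

```c
#include <stdbool.h>
#include <stddef.h>

#define MONITOR_USE_CONTROL 0x02               /* flag bit monitor_is_qmp() tests */
typedef struct Monitor { int flags; } Monitor; /* stand-in for QEMU's Monitor */
static Monitor *cur_mon;                       /* the shared global in question */

/* Hypothetical preemption point: stands in for another thread running in
 * between two of our instructions. NULL means no interleaving happens. */
static void (*preempt_hook)(void);
static void preempt(void) { if (preempt_hook) preempt_hook(); }

static inline bool monitor_is_qmp(const Monitor *mon)
{
    return (mon->flags & MONITOR_USE_CONTROL);
}

/* Racy shape from the message: cur_mon is read for the NULL check and read
 * again for the dereference. Returns -1 where real code would crash on NULL. */
int monitor_cur_is_qmp_racy(void)
{
    if (!cur_mon) return 0;            /* time of check */
    preempt();                         /* main thread may reset cur_mon here */
    Monitor *m = cur_mon;              /* time of use: second read of the global */
    if (!m) return -1;                 /* this value was never checked */
    return monitor_is_qmp(m) ? 1 : 0;
}

/* Hardened shape: snapshot the global once, then check and use the snapshot.
 * Closes the TOCTOU only; the Monitor must still outlive the call. */
int monitor_cur_is_qmp_safe(void)
{
    Monitor *m = cur_mon;              /* single read */
    preempt();                         /* same interleaving, now harmless */
    return (m && monitor_is_qmp(m)) ? 1 : 0;
}

/* Models monitor_read()/monitor_qmp_read() dropping cur_mon inside the window. */
static void clear_cur_mon(void) { cur_mon = NULL; }

/* One interleaving against both shapes; expect *racy == -1 and *safe == 1. */
void run_interleaving(int *racy, int *safe)
{
    static Monitor qmp = { .flags = MONITOR_USE_CONTROL };
    preempt_hook = clear_cur_mon;
    cur_mon = &qmp; *racy = monitor_cur_is_qmp_racy();
    cur_mon = &qmp; *safe = monitor_cur_is_qmp_safe();
    preempt_hook = NULL; cur_mon = NULL;
}
```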