From: Kevin Wolf <kwolf@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: f4bug@amsat.org, alex.bennee@linaro.org, qemu-devel@nongnu.org,
armbru@redhat.com
Subject: Re: [PATCH] monitor: Fix order in monitor_cleanup()
Date: Mon, 15 Feb 2021 16:28:27 +0100 [thread overview]
Message-ID: <20210215152827.GR7226@merkur.fritz.box> (raw)
In-Reply-To: <12ad27f6-99f7-5c0f-c24a-f6784da67683@redhat.com>
Am 15.02.2021 um 16:08 hat Paolo Bonzini geschrieben:
> On 13/10/20 14:50, Kevin Wolf wrote:
> > We can only destroy Monitor objects after we're sure that they are not
> > in use by the dispatcher coroutine any more. This fixes crashes like the
> > following where we tried to destroy a monitor mutex while the dispatcher
> > coroutine still holds it:
> >
> > (gdb) bt
> > #0 0x00007fe541cf4bc5 in raise () at /lib64/libc.so.6
> > #1 0x00007fe541cdd8a4 in abort () at /lib64/libc.so.6
> > #2 0x000055c24e965327 in error_exit (err=16, msg=0x55c24eead3a0 <__func__.33> "qemu_mutex_destroy") at ../util/qemu-thread-posix.c:37
> > #3 0x000055c24e9654c3 in qemu_mutex_destroy (mutex=0x55c25133e0f0) at ../util/qemu-thread-posix.c:70
> > #4 0x000055c24e7cfaf1 in monitor_data_destroy_qmp (mon=0x55c25133dfd0) at ../monitor/qmp.c:439
> > #5 0x000055c24e7d23bc in monitor_data_destroy (mon=0x55c25133dfd0) at ../monitor/monitor.c:615
> > #6 0x000055c24e7d253a in monitor_cleanup () at ../monitor/monitor.c:644
> > #7 0x000055c24e6cb002 in qemu_cleanup () at ../softmmu/vl.c:4549
> > #8 0x000055c24e0d259b in main (argc=24, argv=0x7ffff66b0d58, envp=0x7ffff66b0e20) at ../softmmu/main.c:51
> >
> > Reported-by: Alex Bennée<alex.bennee@linaro.org>
> > Signed-off-by: Kevin Wolf<kwolf@redhat.com>
>
> Is this a race, or is there a chance of adding a reliable reproducer to
> qtest?
It is a race, but it's a fix for a bug that was caught by one of the
acceptance tests quite reliably. Alex reported it here:
https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03124.html
So I think to the extent that we can have a reliable test case, we
probably have one, even if it wasn't written specifically for this bug.
But it's not run during 'make check' if this is what you had in mind.
Kevin
prev parent reply other threads:[~2021-02-15 15:29 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-13 12:50 [PATCH] monitor: Fix order in monitor_cleanup() Kevin Wolf
2020-10-13 13:32 ` Ben Widawsky
2020-10-14 17:20 ` Alex Bennée
2020-10-15 7:46 ` Kevin Wolf
2020-10-19 9:19 ` Markus Armbruster
2021-01-29 12:53 ` Markus Armbruster
2021-02-12 14:22 ` Kevin Wolf
2021-02-15 12:17 ` Markus Armbruster
2021-02-15 15:08 ` Paolo Bonzini
2021-02-15 15:28 ` Kevin Wolf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210215152827.GR7226@merkur.fritz.box \
--to=kwolf@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=armbru@redhat.com \
--cc=f4bug@amsat.org \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).