From: Peter Xu <peterx@redhat.com>
To: qemu-devel@nongnu.org
Cc: peterx@redhat.com, Paolo Bonzini <pbonzini@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Yury Kotov <yury-kotov@yandex-team.ru>,
"Dr . David Alan Gilbert" <dgilbert@redhat.com>
Subject: [PATCH RFC 0/2] qemu-thread: Strict unlock check
Date: Tue, 11 Oct 2022 18:41:52 -0400 [thread overview]
Message-ID: <20221011224154.644379-1-peterx@redhat.com> (raw)
NOTE: mark patchset RFC because "make check" will easily fail; but I didn't
yet dig into why as I'm not familiar with the code paths that triggers, it
can be bugs hidden or something I missed. So RFC to just have some thoughts.
The first patch converts the new timedwait to use DEBUG_MUTEX paths too.
IMO this one is pretty much wanted. The second patch add a strict version
of pthread_mutex_unlock() check by making sure the lock is locked first.
This comes from a debugging of migration code where we have had functions
like:
/* func() must be with lockA held */
func() {
...
/* Temporarily release the lock */
qemu_mutex_unlock(lockA);
...
/* Retake the lock */
qemu_mutex_lock(lockA);
...
}
Since I found that pthread lib is very "friendly" to unpaired unlock and
just silently ignore it, returning 0 as succeed. It means when func() is
called without lockA held the unlock() above will be ignored, but the
follow up lock() will be real. Later it will easily cause deadlock
afterwards in func() above because they just don't pair anymore right after
the one ignored unlock().
Since it's harder to know where should we take the lock, it's still easily
to fail the unlock() upon a lock not being held at all, so it's at least
earlier than the deadlock later on lockA in some other thread.
Patch 2 can also be used to further replace [sg]et_iothread_locked(), I
think, then we need to move the "locked" to be outside DEBUG_MUTEX but only
keep the assert() inside. But we can discuss that later.
Comments welcomed, thanks.
Peter Xu (2):
qemu-thread: Enable the new timedwait to use DEBUG_MUTEX too
qemu-thread: Fail hard for suspecious mutex unlocks
include/qemu/thread-posix.h | 1 +
util/qemu-thread-common.h | 10 ++++++++++
util/qemu-thread-posix.c | 4 ++--
3 files changed, 13 insertions(+), 2 deletions(-)
--
2.37.3
next reply other threads:[~2022-10-11 22:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-11 22:41 Peter Xu [this message]
2022-10-11 22:41 ` [PATCH RFC 1/2] qemu-thread: Enable the new timedwait to use DEBUG_MUTEX too Peter Xu
2022-10-11 22:41 ` [PATCH RFC 2/2] qemu-thread: Fail hard for suspecious mutex unlocks Peter Xu
2022-10-12 18:16 ` [PATCH RFC 0/2] qemu-thread: Strict unlock check Peter Xu
2022-10-13 10:31 ` Peter Maydell
2022-10-13 15:05 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221011224154.644379-1-peterx@redhat.com \
--to=peterx@redhat.com \
--cc=dgilbert@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=yury-kotov@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).