From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Alistair Francis" <alistair.francis@wdc.com>,
"Cédric Le Goater" <clg@kaod.org>,
"Marcin Juszkiewicz" <marcin.juszkiewicz@linaro.org>,
"John Snow" <jsnow@redhat.com>,
libvir-list@redhat.com,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
qemu-s390x@nongnu.org, "Song Gao" <gaosong@loongson.cn>,
"Daniel Henrique Barboza" <danielhb413@gmail.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Bastian Koppelmann" <kbastian@mail.uni-paderborn.de>,
"Liu Zhiwei" <zhiwei_liu@linux.alibaba.com>,
"Weiwei Li" <liweiwei@iscas.ac.cn>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Radoslaw Biernacki" <rad@semihalf.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Cleber Rosa" <crosa@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Thomas Huth" <thuth@redhat.com>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Bin Meng" <bin.meng@windriver.com>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Xiaojuan Yang" <yangxiaojuan@loongson.cn>,
qemu-ppc@nongnu.org, "David Hildenbrand" <david@redhat.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
qemu-riscv@nongnu.org, qemu-arm@nongnu.org,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"Laurent Vivier" <lvivier@redhat.com>,
"Yoshinori Sato" <ysato@users.sourceforge.jp>,
"Leif Lindholm" <quic_llindhol@quicinc.com>,
"Beraldo Leal" <bleal@redhat.com>,
"Akihiko Odaki" <akihiko.odaki@daynix.com>
Subject: [PATCH 12/31] contrib/plugins: Use GRWLock in execlog
Date: Mon, 25 Sep 2023 15:48:35 +0100 [thread overview]
Message-ID: <20230925144854.1872513-13-alex.bennee@linaro.org> (raw)
In-Reply-To: <20230925144854.1872513-1-alex.bennee@linaro.org>
From: Akihiko Odaki <akihiko.odaki@daynix.com>
execlog had the following comment:
> As we could have multiple threads trying to do this we need to
> serialise the expansion under a lock. Threads accessing already
> created entries can continue without issue even if the ptr array
> gets reallocated during resize.
However, when the ptr array gets reallocated, the other threads may have
a stale reference to the old buffer. This results in use-after-free.
Use GRWLock to properly fix this issue.
Fixes: 3d7caf145e ("contrib/plugins: add execlog to log instruction execution and memory access")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230912224107.29669-5-akihiko.odaki@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
contrib/plugins/execlog.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
index 7129d526f8..82dc2f584e 100644
--- a/contrib/plugins/execlog.c
+++ b/contrib/plugins/execlog.c
@@ -19,7 +19,7 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
/* Store last executed instruction on each vCPU as a GString */
static GPtrArray *last_exec;
-static GMutex expand_array_lock;
+static GRWLock expand_array_lock;
static GPtrArray *imatches;
static GArray *amatches;
@@ -28,18 +28,16 @@ static GArray *amatches;
* Expand last_exec array.
*
* As we could have multiple threads trying to do this we need to
- * serialise the expansion under a lock. Threads accessing already
- * created entries can continue without issue even if the ptr array
- * gets reallocated during resize.
+ * serialise the expansion under a lock.
*/
static void expand_last_exec(int cpu_index)
{
- g_mutex_lock(&expand_array_lock);
+ g_rw_lock_writer_lock(&expand_array_lock);
while (cpu_index >= last_exec->len) {
GString *s = g_string_new(NULL);
g_ptr_array_add(last_exec, s);
}
- g_mutex_unlock(&expand_array_lock);
+ g_rw_lock_writer_unlock(&expand_array_lock);
}
/**
@@ -51,8 +49,10 @@ static void vcpu_mem(unsigned int cpu_index, qemu_plugin_meminfo_t info,
GString *s;
/* Find vCPU in array */
+ g_rw_lock_reader_lock(&expand_array_lock);
g_assert(cpu_index < last_exec->len);
s = g_ptr_array_index(last_exec, cpu_index);
+ g_rw_lock_reader_unlock(&expand_array_lock);
/* Indicate type of memory access */
if (qemu_plugin_mem_is_store(info)) {
@@ -80,10 +80,14 @@ static void vcpu_insn_exec(unsigned int cpu_index, void *udata)
GString *s;
/* Find or create vCPU in array */
+ g_rw_lock_reader_lock(&expand_array_lock);
if (cpu_index >= last_exec->len) {
+ g_rw_lock_reader_unlock(&expand_array_lock);
expand_last_exec(cpu_index);
+ g_rw_lock_reader_lock(&expand_array_lock);
}
s = g_ptr_array_index(last_exec, cpu_index);
+ g_rw_lock_reader_unlock(&expand_array_lock);
/* Print previous instruction in cache */
if (s->len) {
--
2.39.2
next prev parent reply other threads:[~2023-09-25 14:56 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-25 14:48 [PATCH 00/31] September maintainer omnibus (tests, gdbstub, plugins) Alex Bennée
2023-09-25 14:48 ` [PATCH 01/31] tests/avocado: update firmware to enable sbsa-ref/neoverse-v1 Alex Bennée
2023-09-25 14:48 ` [PATCH 02/31] tests/lcitool: add swtpm to the package list Alex Bennée
2023-09-25 15:25 ` Daniel P. Berrangé
2023-09-25 14:48 ` [PATCH 03/31] gitlab: shuffle some targets and reduce avocado noise Alex Bennée
2023-09-25 14:48 ` [PATCH 04/31] docs: mark CRIS support as deprecated Alex Bennée
2023-09-25 16:28 ` Daniel P. Berrangé
2023-09-25 16:29 ` Daniel P. Berrangé
2023-09-25 16:50 ` Alex Bennée
2023-09-25 17:17 ` Edgar E. Iglesias
2024-01-24 11:06 ` Philippe Mathieu-Daudé
2024-01-24 13:59 ` Edgar E. Iglesias
2023-09-25 17:01 ` Alex Bennée
2023-09-25 14:48 ` [PATCH 05/31] tests/docker: make docker engine choice entirely configure driven Alex Bennée
2023-09-25 16:08 ` Paolo Bonzini
2023-09-25 14:48 ` [PATCH 06/31] configure: allow user to override docker engine Alex Bennée
2023-09-25 14:48 ` [PATCH 07/31] configure: remove gcc version suffixes Alex Bennée
2023-09-25 14:48 ` [PATCH 08/31] configure: ensure dependency for cross-compile setup Alex Bennée
2023-09-25 16:14 ` Paolo Bonzini
2023-09-25 16:42 ` Alex Bennée
2023-09-25 17:06 ` Paolo Bonzini
2023-09-25 17:09 ` Peter Maydell
2023-09-25 14:48 ` [PATCH 09/31] gdbstub: Fix target_xml initialization Alex Bennée
2023-09-25 14:48 ` [PATCH 10/31] gdbstub: Fix target.xml response Alex Bennée
2023-09-25 14:48 ` [PATCH 11/31] plugins: Check if vCPU is realized Alex Bennée
2023-09-25 14:48 ` Alex Bennée [this message]
2023-09-25 14:48 ` [PATCH 13/31] gdbstub: Introduce GDBFeature structure Alex Bennée
2023-09-25 14:48 ` [PATCH 14/31] target/arm: Move the reference to arm-core.xml Alex Bennée
2023-09-25 14:48 ` [PATCH 15/31] hw/core/cpu: Return static value with gdb_arch_name() Alex Bennée
2023-09-25 14:48 ` [PATCH 16/31] gdbstub: Use g_markup_printf_escaped() Alex Bennée
2023-09-25 14:48 ` [PATCH 17/31] target/arm: Remove references to gdb_has_xml Alex Bennée
2023-09-25 14:48 ` [PATCH 18/31] target/ppc: " Alex Bennée
2023-09-25 14:48 ` [PATCH 19/31] gdbstub: Remove gdb_has_xml variable Alex Bennée
2023-09-25 14:48 ` [PATCH 20/31] gdbstub: Replace gdb_regs with an array Alex Bennée
2023-09-25 14:48 ` [PATCH 21/31] accel/tcg: Add plugin_enabled to DisasContextBase Alex Bennée
2023-09-25 14:48 ` [PATCH 22/31] target/sh4: Disable decode_gusa when plugins enabled Alex Bennée
2023-09-25 14:48 ` [PATCH 23/31] plugins: Set final instruction count in plugin_gen_tb_end Alex Bennée
2023-09-25 14:48 ` [PATCH 24/31] contrib/plugins: fix coverity warning in cache Alex Bennée
2023-09-25 14:48 ` [PATCH 25/31] contrib/plugins: fix coverity warning in lockstep Alex Bennée
2023-09-25 14:48 ` [PATCH 26/31] contrib/plugins: fix coverity warning in hotblocks Alex Bennée
2023-09-25 14:48 ` [RFC PATCH 27/31] sysemu: add set_virtual_time to accel ops Alex Bennée
2023-09-25 14:48 ` [RFC PATCH 28/31] qtest: use cpu interface in qtest_clock_warp Alex Bennée
2023-09-25 14:48 ` [RFC PATCH 29/31] sysemu: generalise qtest_warp_clock as qemu_clock_advance_virtual_time Alex Bennée
2023-09-25 14:48 ` [RFC PATCH 30/31] plugins: add time control API Alex Bennée
2023-09-25 14:48 ` [RFC PATCH 31/31] contrib/plugins: add iops plugin example for cost modelling Alex Bennée
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230925144854.1872513-13-alex.bennee@linaro.org \
--to=alex.bennee@linaro.org \
--cc=akihiko.odaki@daynix.com \
--cc=alistair.francis@wdc.com \
--cc=berrange@redhat.com \
--cc=bin.meng@windriver.com \
--cc=bleal@redhat.com \
--cc=clg@kaod.org \
--cc=crosa@redhat.com \
--cc=danielhb413@gmail.com \
--cc=david@redhat.com \
--cc=eduardo@habkost.net \
--cc=erdnaxe@crans.org \
--cc=gaosong@loongson.cn \
--cc=iii@linux.ibm.com \
--cc=jsnow@redhat.com \
--cc=kbastian@mail.uni-paderborn.de \
--cc=libvir-list@redhat.com \
--cc=liweiwei@iscas.ac.cn \
--cc=lvivier@redhat.com \
--cc=ma.mandourr@gmail.com \
--cc=marcandre.lureau@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=marcin.juszkiewicz@linaro.org \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=quic_llindhol@quicinc.com \
--cc=rad@semihalf.com \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=wainersm@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=yangxiaojuan@loongson.cn \
--cc=ysato@users.sourceforge.jp \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).