From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Akihiko Odaki" <akihiko.odaki@daynix.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>
Subject: [PULL 11/25] contrib/plugins: Use GRWLock in execlog
Date: Wed, 11 Oct 2023 11:33:15 +0100
Message-ID: <20231011103329.670525-12-alex.bennee@linaro.org>
In-Reply-To: <20231011103329.670525-1-alex.bennee@linaro.org>
From: Akihiko Odaki <akihiko.odaki@daynix.com>
execlog had the following comment:
> As we could have multiple threads trying to do this we need to
> serialise the expansion under a lock. Threads accessing already
> created entries can continue without issue even if the ptr array
> gets reallocated during resize.
However, when the ptr array gets reallocated, the other threads may have
a stale reference to the old buffer. This results in a use-after-free.
Use GRWLock to properly fix this issue.
Fixes: 3d7caf145e ("contrib/plugins: add execlog to log instruction execution and memory access")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230912224107.29669-5-akihiko.odaki@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231009164104.369749-12-alex.bennee@linaro.org>
diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
index 7129d526f8..82dc2f584e 100644
--- a/contrib/plugins/execlog.c
+++ b/contrib/plugins/execlog.c
@@ -19,7 +19,7 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
/* Store last executed instruction on each vCPU as a GString */
static GPtrArray *last_exec;
-static GMutex expand_array_lock;
+static GRWLock expand_array_lock;
static GPtrArray *imatches;
static GArray *amatches;
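Review bot: The declaration `static GRWLock expand_array_lock;` should carry a one-line comment stating exactly what the lock protects: the len and pdata fields of last_exec (the pointer buffer that moves on growth), not the GString objects stored in it. The remainder of the patch relies on that distinction by reading a GString pointer under the reader lock and using it after the unlock, so the contract belongs next to the lock. Static storage gives both GMutex and GRWLock a valid zero-initialised state in GLib, so no g_rw_lock_init() is needed here, but if the lock were ever moved into heap-allocated plugin state it would need g_rw_lock_init()/g_rw_lock_clear().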
@@ -28,18 +28,16 @@ static GArray *amatches;
* Expand last_exec array.
*
* As we could have multiple threads trying to do this we need to
- * serialise the expansion under a lock. Threads accessing already
- * created entries can continue without issue even if the ptr array
- * gets reallocated during resize.
+ * serialise the expansion under a lock.
*/
static void expand_last_exec(int cpu_index)
{
- g_mutex_lock(&expand_array_lock);
+ g_rw_lock_writer_lock(&expand_array_lock);
while (cpu_index >= last_exec->len) {
GString *s = g_string_new(NULL);
g_ptr_array_add(last_exec, s);
}
- g_mutex_unlock(&expand_array_lock);
+ g_rw_lock_writer_unlock(&expand_array_lock);
}
/**
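Review bot: The trimmed comment at ` * serialise the expansion under a lock.` removes the wrong claim but does not replace it with the new rule, which is that every read of last_exec->len or of an element must hold the reader side of expand_array_lock and that expand_last_exec() is the only writer. Spell that out here, and also note that the `while (cpu_index >= last_exec->len)` re-check under the writer lock is what makes it safe for several vCPU threads to race into expand_last_exec() after each has dropped its reader lock: the first one grows the array, the rest find nothing to do. Without that comment the check looks redundant and is likely to be "simplified" away later.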
@@ -51,8 +49,10 @@ static void vcpu_mem(unsigned int cpu_index, qemu_plugin_meminfo_t info,
GString *s;
/* Find vCPU in array */
+ g_rw_lock_reader_lock(&expand_array_lock);
g_assert(cpu_index < last_exec->len);
s = g_ptr_array_index(last_exec, cpu_index);
+ g_rw_lock_reader_unlock(&expand_array_lock);
/* Indicate type of memory access */
if (qemu_plugin_mem_is_store(info)) {
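Review bot: In vcpu_mem() the pointer `s` is read under the reader lock but used after `g_rw_lock_reader_unlock(&expand_array_lock);`, so the fix depends on an invariant the lock does not enforce: once a GString has been added to last_exec it is never freed or replaced, only the GPtrArray's pointer buffer is reallocated. That is true of the code shown (expand_last_exec() only appends), but a comment at the unlock should say so explicitly, or the lock should be held across the appends below if the invariant is not meant to be relied on. Moving `g_assert(cpu_index < last_exec->len);` inside the critical section is right, since len and pdata are otherwise updated non-atomically by a concurrent writer.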
@@ -80,10 +80,14 @@ static void vcpu_insn_exec(unsigned int cpu_index, void *udata)
GString *s;
/* Find or create vCPU in array */
+ g_rw_lock_reader_lock(&expand_array_lock);
if (cpu_index >= last_exec->len) {
+ g_rw_lock_reader_unlock(&expand_array_lock);
expand_last_exec(cpu_index);
+ g_rw_lock_reader_lock(&expand_array_lock);
}
s = g_ptr_array_index(last_exec, cpu_index);
+ g_rw_lock_reader_unlock(&expand_array_lock);
/* Print previous instruction in cache */
if (s->len) {
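Review bot: The unlock before `expand_last_exec(cpu_index);` and the re-lock after it are necessary rather than optional, because a GRWLock is neither recursive nor upgradable from reader to writer, and the sequence is correct only because expand_last_exec() repeats the `cpu_index >= last_exec->len` test under the writer lock. A short comment at the unlock should say that another vCPU may have grown the array in the window and that this is harmless for that reason. The same post-unlock use of `s` as in vcpu_mem() applies here and relies on the same never-freed-entry invariant.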
--
2.39.2
Thread overview: 29+ messages
2023-10-11 10:33 [PULL 00/25] testing, gdbstub and plugin updates Alex Bennée
2023-10-11 10:33 ` [PULL 01/25] tests/avocado: update firmware to enable OpenBSD test on sbsa-ref Alex Bennée
2023-10-11 10:33 ` [PULL 02/25] tests/avocado: remove flaky test marking for test_sbsaref_edk2_firmware Alex Bennée
2023-10-11 10:33 ` [PULL 03/25] tests/lcitool: add swtpm to the package list Alex Bennée
2023-10-11 10:33 ` [PULL 04/25] gitlab: shuffle some targets and reduce avocado noise Alex Bennée
2023-10-11 10:33 ` [PULL 05/25] tests/docker: make docker engine choice entirely configure driven Alex Bennée
2023-10-11 10:33 ` [PULL 06/25] configure: allow user to override docker engine Alex Bennée
2023-10-11 10:33 ` [PULL 07/25] configure: remove gcc version suffixes Alex Bennée
2023-10-11 10:33 ` [PULL 08/25] gdbstub: Fix target_xml initialization Alex Bennée
2023-10-11 10:33 ` [PULL 09/25] gdbstub: Fix target.xml response Alex Bennée
2023-10-11 10:33 ` [PULL 10/25] plugins: Check if vCPU is realized Alex Bennée
2023-10-11 10:33 ` Alex Bennée [this message]
2023-10-11 10:33 ` [PULL 12/25] gdbstub: Introduce GDBFeature structure Alex Bennée
2023-10-11 10:33 ` [PULL 13/25] target/arm: Move the reference to arm-core.xml Alex Bennée
2023-10-11 10:33 ` [PULL 14/25] hw/core/cpu: Return static value with gdb_arch_name() Alex Bennée
2023-10-11 10:33 ` [PULL 15/25] gdbstub: Use g_markup_printf_escaped() Alex Bennée
2023-10-11 10:33 ` [PULL 16/25] target/arm: Remove references to gdb_has_xml Alex Bennée
2023-10-11 10:33 ` [PULL 17/25] target/ppc: " Alex Bennée
2023-10-11 10:33 ` [PULL 18/25] gdbstub: Remove gdb_has_xml variable Alex Bennée
2023-10-11 10:33 ` [PULL 19/25] gdbstub: Replace gdb_regs with an array Alex Bennée
2023-10-17 14:05 ` Fabiano Rosas
2023-10-17 19:40 ` Akihiko Odaki
2023-10-11 10:33 ` [PULL 20/25] accel/tcg: Add plugin_enabled to DisasContextBase Alex Bennée
2023-10-11 10:33 ` [PULL 21/25] target/sh4: Disable decode_gusa when plugins enabled Alex Bennée
2023-10-11 10:33 ` [PULL 22/25] plugins: Set final instruction count in plugin_gen_tb_end Alex Bennée
2023-10-11 10:33 ` [PULL 23/25] contrib/plugins: fix coverity warning in cache Alex Bennée
2023-10-11 10:33 ` [PULL 24/25] contrib/plugins: fix coverity warning in lockstep Alex Bennée
2023-10-11 10:33 ` [PULL 25/25] contrib/plugins: fix coverity warning in hotblocks Alex Bennée
2023-10-11 17:04 ` [PULL 00/25] testing, gdbstub and plugin updates Stefan Hajnoczi