qemu-devel.nongnu.org archive mirror
* [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head
@ 2025-10-14 19:19 Peter Xu
  2025-10-14 19:19 ` [PATCH v2 1/3] qht: Zero-initialize qht_map Peter Xu
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Peter Xu @ 2025-10-14 19:19 UTC (permalink / raw)
  To: qemu-devel
  Cc: Peter Maydell, Paolo Bonzini, Stefan Hajnoczi, peterx,
	Richard Henderson, Emilio G . Cota

v2:
- Change patch 2 subject and wording to avoid mentioning "double free" [PeterM]

This is an idea suggested by Peter Maydell:

https://lore.kernel.org/all/CAFEAcA--K0=EJNNvj98i=ewGY=tN3u4S0+fNb9kJpYynzjHEhw@mail.gmail.com/

After this small series is applied, we should be able to assert on
accidental (wrong) re-use of an rcu head.

Please review, thanks.

Peter Xu (3):
  qht: Zero-initialize qht_map
  tests/test-rcu-*: Zero-initialize allocated elements
  rcu: Catch rcu_head misuse

 tests/unit/test-rcu-list.c | 4 ++--
 util/qht.c                 | 2 +-
 util/rcu.c                 | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)

-- 
2.50.1




* [PATCH v2 1/3] qht: Zero-initialize qht_map
  2025-10-14 19:19 [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head Peter Xu
@ 2025-10-14 19:19 ` Peter Xu
  2025-10-14 19:39   ` Philippe Mathieu-Daudé
  2025-10-14 19:19 ` [PATCH v2 2/3] tests/test-rcu-*: Zero-initialize allocated elements Peter Xu
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 6+ messages in thread
From: Peter Xu @ 2025-10-14 19:19 UTC (permalink / raw)
  To: qemu-devel
  Cc: Peter Maydell, Paolo Bonzini, Stefan Hajnoczi, peterx,
	Richard Henderson, Emilio G . Cota

QEMU almost always does this across the tree except QHT.  This prepares for
rcu to track double free.

Signed-off-by: Peter Xu <peterx@redhat.com>
---
 util/qht.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/qht.c b/util/qht.c
index 208c2f4b32..872d9f9cec 100644
--- a/util/qht.c
+++ b/util/qht.c
@@ -441,7 +441,7 @@ static struct qht_map *qht_map_create(size_t n_buckets)
     struct qht_map *map;
     size_t i;
 
-    map = g_malloc(sizeof(*map));
+    map = g_malloc0(sizeof(*map));
     map->n_buckets = n_buckets;
 
     map->n_added_buckets = 0;
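
Review bot: at "map = g_malloc0(sizeof(*map));" the zeroing becomes a correctness requirement once patch 3 asserts node->func == NULL in call_rcu1(), but nothing at the call site says so, and a later cleanup could switch it back to g_malloc(). A one-line comment naming the RCU head that must start zeroed would protect it. The context line "map->n_added_buckets = 0;" is now redundant and could be dropped in the same change. The commit message also still says "double free", which the v2 changelog set out to avoid.
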
-- 
2.50.1




* [PATCH v2 2/3] tests/test-rcu-*: Zero-initialize allocated elements
  2025-10-14 19:19 [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head Peter Xu
  2025-10-14 19:19 ` [PATCH v2 1/3] qht: Zero-initialize qht_map Peter Xu
@ 2025-10-14 19:19 ` Peter Xu
  2025-10-14 19:19 ` [PATCH v2 3/3] rcu: Catch rcu_head misuse Peter Xu
  2025-10-15 15:44 ` [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head Richard Henderson
  3 siblings, 0 replies; 6+ messages in thread
From: Peter Xu @ 2025-10-14 19:19 UTC (permalink / raw)
  To: qemu-devel
  Cc: Peter Maydell, Paolo Bonzini, Stefan Hajnoczi, peterx,
	Richard Henderson, Emilio G . Cota

QEMU almost always does this, so do it too with the RCU unit tests.  It's
preparation work to start asserting on possible rcu double free.

Signed-off-by: Peter Xu <peterx@redhat.com>
---
 tests/unit/test-rcu-list.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/unit/test-rcu-list.c b/tests/unit/test-rcu-list.c
index 8f0adb8b00..853c9e33d9 100644
--- a/tests/unit/test-rcu-list.c
+++ b/tests/unit/test-rcu-list.c
@@ -233,7 +233,7 @@ static void *rcu_q_updater(void *arg)
         TEST_LIST_FOREACH_RCU(el, &Q_list_head, entry) {
             j++;
             if (target_el == j) {
-                struct list_element *new_el = g_new(struct list_element, 1);
+                struct list_element *new_el = g_new0(struct list_element, 1);
                 n_nodes_local++;
                 TEST_LIST_INSERT_AFTER_RCU(el, new_el, entry);
                 break;
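
Review bot: the subject says tests/test-rcu-*, but the diffstat and this g_new0() change in rcu_q_updater() only touch tests/unit/test-rcu-list.c. Please confirm that no other RCU unit test allocates an element with g_new()/g_malloc() and later passes its rcu_head to call_rcu1(); any such site would read an uninitialized func in the new assert. If test-rcu-list.c is the only file affected, narrow the subject to match.
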
@@ -259,7 +259,7 @@ static void rcu_qtest_init(void)
     nthreadsrunning = 0;
     srand(time(0));
     for (i = 0; i < RCU_Q_LEN; i++) {
-        new_el = g_new(struct list_element, 1);
+        new_el = g_new0(struct list_element, 1);
         TEST_LIST_INSERT_HEAD_RCU(&Q_list_head, new_el, entry);
     }
     qemu_mutex_lock(&counts_mutex);
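
Review bot: at "new_el = g_new0(struct list_element, 1);" in rcu_qtest_init() the commit message gives only tree convention as the reason and still says "rcu double free", although the v2 changelog says the patch 2 wording was changed to avoid that term. Suggest stating the real dependency in the message: call_rcu1() will assert node->func == NULL, so every element must start with a zeroed rcu_head.
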
-- 
2.50.1




* [PATCH v2 3/3] rcu: Catch rcu_head misuse
  2025-10-14 19:19 [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head Peter Xu
  2025-10-14 19:19 ` [PATCH v2 1/3] qht: Zero-initialize qht_map Peter Xu
  2025-10-14 19:19 ` [PATCH v2 2/3] tests/test-rcu-*: Zero-initialize allocated elements Peter Xu
@ 2025-10-14 19:19 ` Peter Xu
  2025-10-15 15:44 ` [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head Richard Henderson
  3 siblings, 0 replies; 6+ messages in thread
From: Peter Xu @ 2025-10-14 19:19 UTC (permalink / raw)
  To: qemu-devel
  Cc: Peter Maydell, Paolo Bonzini, Stefan Hajnoczi, peterx,
	Richard Henderson, Emilio G . Cota

Trap call_rcu1() to make sure it won't be invoked twice for one rcu head by
accident.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Xu <peterx@redhat.com>
---
 util/rcu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/util/rcu.c b/util/rcu.c
index b703c86f15..fc4b18812b 100644
--- a/util/rcu.c
+++ b/util/rcu.c
@@ -307,6 +307,11 @@ static void *call_rcu_thread(void *opaque)
 
 void call_rcu1(struct rcu_head *node, void (*func)(struct rcu_head *node))
 {
+    /*
+     * Avoid accidental reuse of rcu_head, e.g. enqueuing one node twice
+     * (especially, when the function pointers are different).
+     */
+    assert(node->func == NULL);
     node->func = func;
     enqueue(node);
     qatomic_inc(&rcu_call_count);
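
Review bot: "assert(node->func == NULL);" introduces an undocumented precondition on every caller of call_rcu1(): the rcu_head must be zeroed before first use, and nothing in the visible lines clears node->func again after enqueue. Two consequences are worth spelling out in the comment or the API documentation. First, any rcu_head living in memory that was not zero-allocated (plain g_malloc(), stack, a recycled object) can trip the assert with no actual misuse, and this series only converts qht and one unit test. Second, unless func is reset when the callback is dispatched, an object that is legitimately re-queued after its callback has run will also abort, so either reset it there or state that callers must re-zero the head. The check is also a plain load followed by a plain store, so two threads racing on the same node can both pass it; describe it as best-effort detection rather than a guarantee.
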
-- 
2.50.1




* Re: [PATCH v2 1/3] qht: Zero-initialize qht_map
  2025-10-14 19:19 ` [PATCH v2 1/3] qht: Zero-initialize qht_map Peter Xu
@ 2025-10-14 19:39   ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 6+ messages in thread
From: Philippe Mathieu-Daudé @ 2025-10-14 19:39 UTC (permalink / raw)
  To: Peter Xu, qemu-devel
  Cc: Peter Maydell, Paolo Bonzini, Stefan Hajnoczi, Richard Henderson,
	Emilio G . Cota

On 14/10/25 21:19, Peter Xu wrote:
> QEMU almost always does this across the tree except QHT.  This prepares for
> rcu to track double free.
> 
> Signed-off-by: Peter Xu <peterx@redhat.com>
> ---
>   util/qht.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>




* Re: [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head
  2025-10-14 19:19 [PATCH v2 0/3] rcu: Detect accidental reuse of rcu head Peter Xu
                   ` (2 preceding siblings ...)
  2025-10-14 19:19 ` [PATCH v2 3/3] rcu: Catch rcu_head misuse Peter Xu
@ 2025-10-15 15:44 ` Richard Henderson
  3 siblings, 0 replies; 6+ messages in thread
From: Richard Henderson @ 2025-10-15 15:44 UTC (permalink / raw)
  To: qemu-devel

On 10/14/25 12:19, Peter Xu wrote:
> Peter Xu (3):
>    qht: Zero-initialize qht_map
>    tests/test-rcu-*: Zero-initialize allocated elements
>    rcu: Catch rcu_head misuse

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~


