From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Geoffrey McRae <geoff@hostfission.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [PATCH v5 1/1] audio/jack: fix use after free segfault
Date: Thu, 20 Aug 2020 14:00:27 +0200 [thread overview]
Message-ID: <2337495.aVM56tU1U7@silver> (raw)
In-Reply-To: <c84d95de-c71d-3272-6b41-95753634482a@redhat.com>
On Donnerstag, 20. August 2020 12:54:49 CEST Paolo Bonzini wrote:
> More on the practical side, recursive mutex are an easy way to get a
> deadlock. It's a common idiom to do
>
> /* Need to take foo->lock outside bar->lock. */
> mutex_unlock(&bar->lock);
> mutex_lock(&foo->lock);
> mutex_lock(&bar->lock);
The general theoretical implications about recursive locks was clear to me.
AFAICS your point is that a recursive lock could mislead poeple taking things
easy and running into a deadlock scenario like outlined by you.
My point was if it happens for whatever reason that a main IO mutex lock was
accidentally introduced, i.e. without knowing it was already locked on a
higher level, wouldn't it make sense to deal with this in some kind of
defensive way?
One way would be a recursive type and logging a warning, which you obviously
don't like; another option would be an assertion fault instead to make
developers immediately aware about the double lock on early testing. Because
on a large scale project like this, it is almost impossible for all developers
to be aware about all implied locks. Don't you think so?
At least IMO the worst case would be a double unlock on a non-recursive main
thread mutex and running silently into undefined behaviour.
> My suggestion is to work towards protecting the audio code with its own
> mutex(es) and ignore the existence of the BQL for subsystems that can do
> so (audio is a prime candidate). Also please add comments to
> audio_int.h about which functions are called from other threads than the
> QEMU main thread.
That main thread lock came up here because I noticed this API comment on
qemu_bh_cancel():
"While cancellation itself is also wait-free and thread-safe, it can of
course race with the loop that executes bottom halves unless you are
holding the iothread mutex. This makes it mostly useless if you are not
holding the mutex."
So this lock was not about driver internal data protection, but rather about
dealing with the BH API correctly.
Best regards,
Christian Schoenebeck
next prev parent reply other threads:[~2020-08-20 12:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-19 6:29 [PATCH v5 0/1] audio/jack: fix use after free segfault Geoffrey McRae
2020-08-19 6:29 ` [PATCH v5 1/1] " Geoffrey McRae
2020-08-19 15:21 ` Christian Schoenebeck
2020-08-19 15:27 ` Geoffrey McRae
2020-08-20 5:37 ` Gerd Hoffmann
2020-08-20 10:06 ` Christian Schoenebeck
2020-08-20 10:54 ` Paolo Bonzini
2020-08-20 12:00 ` Christian Schoenebeck [this message]
2020-08-21 13:13 ` Paolo Bonzini
2020-08-26 13:48 ` PTHREAD_MUTEX_ERRORCHECK and fork() Christian Schoenebeck
2020-08-21 11:12 ` recursive locks (in general) Christian Schoenebeck
2020-08-21 13:08 ` Paolo Bonzini
2020-08-21 15:25 ` Christian Schoenebeck
2020-08-21 11:28 ` [PATCH v5 1/1] audio/jack: fix use after free segfault Geoffrey McRae
2020-08-21 13:13 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2337495.aVM56tU1U7@silver \
--to=qemu_oss@crudebyte.com \
--cc=geoff@hostfission.com \
--cc=kraxel@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).