From: Paolo Bonzini <pbonzini@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org, kwolf@redhat.com, berto@igalia.com,
famz@redhat.com, stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH 04/11] aio: introduce aio_co_schedule
Date: Tue, 17 May 2016 16:57:28 +0200 [thread overview]
Message-ID: <4dafcfa5-54f9-3ab1-afcf-5ac7270a3951@redhat.com> (raw)
In-Reply-To: <20160419143149.GI16312@stefanha-x1.localdomain>
On 19/04/2016 16:31, Stefan Hajnoczi wrote:
> On Fri, Apr 15, 2016 at 01:31:59PM +0200, Paolo Bonzini wrote:
>> @@ -255,6 +257,8 @@ aio_ctx_finalize(GSource *source)
>> }
>> #endif
>>
>> + qemu_bh_delete(ctx->schedule_bh);
>
> Please include an assertion that the scheduled coroutines list is empty.
Good idea.
>> + while (!QSLIST_EMPTY(&straight)) {
>> + Coroutine *co = QSLIST_FIRST(&straight);
>> + QSLIST_REMOVE_HEAD(&straight, co_scheduled_next);
>> + trace_aio_schedule_bh_cb(ctx, co);
>> + qemu_coroutine_enter(co, NULL);
FWIW, this should be wrapped with aio_context_acquire/aio_context_release.
>> + }
>> +}
>
> This construct brings to mind the use-after-free case when a scheduled
> coroutine terminates before it is entered by this loop:
>
> There are two scheduled Coroutines: A and B. During
> qemu_coroutine_enter(A) we enter B. B then terminates by returning from
> its main function. Once A yields or terminates we still try to enter
> the freed B coroutine.
>
> Unfortunately I don't think we have good debugging or an assertion for
> this bug. I'm sure it will occur at some point...
aio_co_schedule (and qemu_coroutine_wake which wraps it later in the
series) is quite a low-level interface, so I do not expect many users.
That said, there is at least another case where it will be used. In the
dataplane branch, where AIO callbacks take the AioContext mutex
themselves, we have:
static void bdrv_co_io_em_complete(void *opaque, int ret)
{
CoroutineIOCompletion *co = opaque;
co->ret = ret;
aio_context_acquire(co->ctx);
qemu_coroutine_enter(co->coroutine, NULL);
aio_context_release(co->ctx);
}
...
acb = bs->drv->bdrv_aio_readv(bs, sector_num, iov, nb_sectors,
bdrv_co_io_em_complete, &co);
qemu_coroutine_yield();
bdrv_co_io_em_complete here can be called before the coroutine has
yielded. To prepare for the replacement of the AioContext mutex with
fine-grained mutexes, I think bdrv_co_io_em_complete should do something
like
if (ctx != qemu_get_current_aio_context()) {
aio_co_schedule(ctx, co->coroutine);
return;
}
aio_context_acquire(ctx);
qemu_coroutine_enter(co->coroutine, NULL);
aio_context_release(ctx);
> Please document
> that the coroutine must not be entered by anyone else while
> aio_co_schedule() is active.
Sure.
Paolo
next prev parent reply other threads:[~2016-05-17 14:57 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-15 11:31 [Qemu-devel] [RFC PATCH resend 00/11] Make CoMutex/CoQueue/CoRwlock thread-safe Paolo Bonzini
2016-04-15 11:31 ` [Qemu-devel] [PATCH 01/11] coroutine: use QSIMPLEQ instead of QTAILQ Paolo Bonzini
2016-04-19 13:45 ` Stefan Hajnoczi
2016-04-15 11:31 ` [Qemu-devel] [PATCH 02/11] throttle-groups: restart throttled requests from coroutine context Paolo Bonzini
2016-04-19 13:49 ` Stefan Hajnoczi
2016-04-15 11:31 ` [Qemu-devel] [PATCH 03/11] coroutine: delete qemu_co_enter_next Paolo Bonzini
2016-04-19 13:49 ` Stefan Hajnoczi
2016-04-15 11:31 ` [Qemu-devel] [PATCH 04/11] aio: introduce aio_co_schedule Paolo Bonzini
2016-04-19 14:31 ` Stefan Hajnoczi
2016-05-17 14:57 ` Paolo Bonzini [this message]
2016-05-26 19:19 ` Stefan Hajnoczi
2016-04-29 5:11 ` Fam Zheng
2016-05-17 14:38 ` Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 05/11] coroutine-lock: reschedule coroutine on the AioContext it was running on Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 06/11] coroutine-lock: make CoMutex thread-safe Paolo Bonzini
2016-04-29 6:26 ` Fam Zheng
2016-05-17 15:34 ` Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 07/11] coroutine-lock: add limited spinning to CoMutex Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 08/11] test-aio-multithread: add performance comparison with thread-based mutexes Paolo Bonzini
2016-04-29 6:52 ` Fam Zheng
2016-05-12 16:49 ` Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 09/11] coroutine-lock: place CoMutex before CoQueue in header Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 10/11] coroutine-lock: add mutex argument to CoQueue APIs Paolo Bonzini
2016-04-15 11:32 ` [Qemu-devel] [PATCH 11/11] coroutine-lock: make CoRwlock thread-safe and fair Paolo Bonzini
2016-04-26 10:54 ` [Qemu-devel] [RFC PATCH resend 00/11] Make CoMutex/CoQueue/CoRwlock thread-safe Stefan Hajnoczi
2016-04-27 15:42 ` Stefan Hajnoczi
2016-05-17 15:34 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4dafcfa5-54f9-3ab1-afcf-5ac7270a3951@redhat.com \
--to=pbonzini@redhat.com \
--cc=berto@igalia.com \
--cc=famz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).