From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:43920)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jcmvbkbc@gmail.com>) id 1T4fYM-0002Ul-Ei
	for qemu-devel@nongnu.org; Thu, 23 Aug 2012 18:07:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jcmvbkbc@gmail.com>) id 1T4fYL-0001xf-C4
	for qemu-devel@nongnu.org; Thu, 23 Aug 2012 18:07:02 -0400
Received: from mail-ee0-f45.google.com ([74.125.83.45]:65302)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jcmvbkbc@gmail.com>) id 1T4fYL-0001xV-4e
	for qemu-devel@nongnu.org; Thu, 23 Aug 2012 18:07:01 -0400
Received: by eeke53 with SMTP id e53so486940eek.4
	for <qemu-devel@nongnu.org>; Thu, 23 Aug 2012 15:06:58 -0700 (PDT)
Message-ID: <5036A97F.7030604@gmail.com>
Date: Fri, 24 Aug 2012 02:06:55 +0400
From: Max Filippov <jcmvbkbc@gmail.com>
MIME-Version: 1.0
References: <1345728155-11667-1-git-send-email-aliguori@us.ibm.com>
In-Reply-To: <1345728155-11667-1-git-send-email-aliguori@us.ibm.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] monitor: move json init from OPEN event to
 init
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: qemu-devel@nongnu.org

On Thu, Aug 23, 2012 at 5:22 PM, Anthony Liguori <aliguori@us.ibm.com> wrote:
> At some point in the past, the OPEN event was changed to be issued from a
> bottom half.  This creates a small window whereas a data callback registered in
> init may be invoked before the OPEN event has been issued.
>
> This is reproducible with:
>
>  echo "{'execute': 'qmp_capabilities'}" | qemu-system-x86_64 -M none -qmp stdio
>
> We can fix this for the monitor by moving the parser initialization to init.
>
> The remaining state that is set in OPEN appears harmless.
>
> Reported-by: Daniel Berrange <berrange@redhat.com>
> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
> ---
>  monitor.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/monitor.c b/monitor.c
> index 480f583..b188582 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -4832,7 +4832,6 @@ static void monitor_control_event(void *opaque, int event)
>      switch (event) {
>      case CHR_EVENT_OPENED:
>          mon->mc->command_mode = 0;
> -        json_message_parser_init(&mon->mc->parser, handle_qmp_command);
>          data = get_qmp_greeting();
>          monitor_json_emitter(mon, data);
>          qobject_decref(data);
> @@ -4840,6 +4839,7 @@ static void monitor_control_event(void *opaque, int event)
>          break;
>      case CHR_EVENT_CLOSED:
>          json_message_parser_destroy(&mon->mc->parser);
> +        json_message_parser_init(&mon->mc->parser, handle_qmp_command);
>          mon_refcount--;
>          monitor_fdsets_cleanup();
>          break;
> @@ -4951,6 +4951,8 @@ void monitor_init(CharDriverState *chr, int flags)
>                                monitor_event, mon);
>      }
>
> +    json_message_parser_init(&mon->mc->parser, handle_qmp_command);
> +

This hunk causes SIGSEGV on qemu-system-xtensa with the following trace:

Program received signal SIGSEGV, Segmentation fault.
json_message_parser_init (parser=0x8, func=0x5555556b4db0 <handle_qmp_command>) at qemu/json-streamer.c:98
98          parser->emit = func;
(gdb) bt
#0  json_message_parser_init (parser=0x8, func=0x5555556b4db0 <handle_qmp_command>) at qemu/json-streamer.c:98
#1  0x00005555556ba5c7 in monitor_init (chr=0x555556228fe0, flags=2) at qemu/monitor.c:4954
#2  0x000055555564f83d in qemu_chr_new (label=<optimized out>, filename=<optimized out>, init=0) at qemu/qemu-char.c:2828
#3  0x0000555555626525 in serial_parse (devname=0x5555556f4152 "mon:stdio") at qemu/vl.c:2068
#4  serial_parse (devname=<optimized out>) at qemu/vl.c:2056
#5  0x0000555555625009 in foreach_device_config (type=2, func=0x5555556264b0 <serial_parse>) at qemu/vl.c:2048
#6  0x00005555555973f5 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at qemu/vl.c:3588

The command line is the following:

 qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting  -kernel ./test_b.tst

>      QLIST_INSERT_HEAD(&mon_list, mon, entry);
>      if (!default_mon || (flags & MONITOR_IS_DEFAULT))
>          default_mon = mon;
> --
> 1.7.5.4
>
>

-- 
Thanks.
-- Max