Re: [Qemu-devel] [PATCH 2/7] qom: handle registration of new types when initializing the first ones

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Hervé Poussineau" <hpoussin@reactos.org>
To: "Andreas Färber" <afaerber@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	qemu-ppc@nongnu.org, qemu-devel@nongnu.org,
	Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: [Qemu-devel] [PATCH 2/7] qom: handle registration of new types when initializing the first ones
Date: Sun, 05 May 2013 10:38:11 +0200	[thread overview]
Message-ID: <51861A73.20900@reactos.org> (raw)
In-Reply-To: <5183A39A.3000806@suse.de>

[-- Attachment #1: Type: text/plain, Size: 6689 bytes --]

Andreas Färber a écrit :
> Am 02.05.2013 22:08, schrieb Hervé Poussineau:
>> When initializing all types in object_class_foreach, called by object_class_get_list,
>> some new types may be registered. Those will change the type internal hashtable which
>> is currently enumerated, and may crash QEMU.
>>
>> Fix it, by adding a second hash table which contains all the non-initialized types,
>> merged to the main one before each round of initializations.
>>
>> Bug has been detected when registering dynamic types containing an interface.
>>
>> Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
>> ---
>>  qom/object.c |   45 +++++++++++++++++++++++++++++++++++++--------
>>  1 file changed, 37 insertions(+), 8 deletions(-)
> 
> Could you be more specific about how to reproduce the problem? Is it a
> generic issue or specific to some later patch in this series? I find
> neither object_class_get_list() nor object_class_for_each() being used
> in this series. And registering types during object_class_for_each()
> doesn't sound right... CC'ing Anthony and Paolo.

Try the attached patch, and run with qemu-system-ppc (no arguments)
I added a dummy interface to a random device, but the problem should be 
exposed by whatever interface on whatever device. I saw the problem in 
patch 5/7 ("add a Nvram interface").
However, the problem doesn't seem to appear on other system emulations 
like i386.

With attached patch, you'll get an assert:
qemu-system-ppc: qom/object.c:82: type_table_add: Assertion 
`!enumerating' failed.

Program received signal SIGABRT, Aborted.
0xb7fe1430 in __kernel_vsyscall ()
(gdb) bt
  #0  0xb7fe1430 in __kernel_vsyscall ()
  #1  0xb6f27941 in *__GI_raise (sig=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
  #2  0xb6f2ad72 in *__GI_abort () at abort.c:92
  #3  0xb6f20b58 in *__GI___assert_fail 
(assertion=assertion@entry=0x803809f8 "!enumerating",
      file=file@entry=0x80380adc "qom/object.c", line=line@entry=82,
      function=function@entry=0x80380c6c "type_table_add") at assert.c:81
  #4  0x80197513 in type_table_add (ti=0x80b67bd0) at qom/object.c:82
  #5  type_register_internal (info=0xbfffef0c) at qom/object.c:124
  #6  0x8019764c in type_initialize_interface (parent=0x80b3ec18 
"interface",
      ti=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
      ti=<error reading variable: Unhandled dwarf expression opcode 
0xfa>) at qom/object.c:218
  #7  0x801978fe in type_initialize (ti=<optimized out>) at qom/object.c:271
  #8  type_initialize (ti=0x80b3eb30) at qom/object.c:229
  #9  0x80197dfa in object_class_foreach_tramp (key=0x80b3ebf0, 
value=0x80b3eb30, opaque=0xbffff03c)
      at qom/object.c:563
  #10 0xb7ef35e2 in g_hash_table_foreach () from 
/lib/i386-linux-gnu/libglib-2.0.so.0
  #11 0x801980b1 in object_class_foreach (fn=fn@entry=0x80197180 
<object_class_get_list_tramp>,
      implements_type=implements_type@entry=0x8039b834 "powerpc-cpu", 
include_abstract=include_abstract@entry=false,
      opaque=opaque@entry=0xbffff078) at qom/object.c:585
  #12 0x801981ba in object_class_get_list 
(implements_type=implements_type@entry=0x8039b834 "powerpc-cpu",
      include_abstract=include_abstract@entry=false) at qom/object.c:618
  #13 0x80328d4e in ppc_cpu_class_by_name (name=name@entry=0x8039dc69 "G3")
      at target-ppc/translate_init.c:8003
  #14 0x80328f7a in cpu_ppc_init (cpu_model=cpu_model@entry=0x8039dc69 "G3")
      at target-ppc/translate_init.c:8020
  #15 0x80216724 in ppc_heathrow_init (args=0xbffff2a8) at 
hw/ppc/mac_oldworld.c:109
  #16 0x80040b81 in main (argc=1, argv=0xbffff4b4, envp=0xbffff4bc) at 
vl.c:4304
> 
>> diff --git a/qom/object.c b/qom/object.c
>> index 75e6aac..e0a24dc 100644
>> --- a/qom/object.c
>> +++ b/qom/object.c
>> @@ -65,25 +65,39 @@ struct TypeImpl
>>  
>>  static Type type_interface;
>>  
>> +static GHashTable *type_table_to_initialize;
>> +static GHashTable *type_table_initialized;
>> +
>>  static GHashTable *type_table_get(void)
>>  {
>> -    static GHashTable *type_table;
>> -
>> -    if (type_table == NULL) {
>> -        type_table = g_hash_table_new(g_str_hash, g_str_equal);
>> +    if (!type_table_initialized) {
>> +        type_table_initialized = g_hash_table_new(g_str_hash, g_str_equal);
>>      }
>>  
>> -    return type_table;
>> +    return type_table_initialized;
>>  }
>>  
>>  static void type_table_add(TypeImpl *ti)
>>  {
>> -    g_hash_table_insert(type_table_get(), (void *)ti->name, ti);
>> +    GHashTable **type_table;
>> +    if (ti->class) {
>> +        type_table = &type_table_initialized;
>> +    } else {
>> +        type_table = &type_table_to_initialize;
>> +    }
>> +    if (!*type_table) {
>> +        *type_table = g_hash_table_new(g_str_hash, g_str_equal);
>> +    }
>> +    g_hash_table_insert(*type_table, (void *)ti->name, ti);
>>  }
>>  
>>  static TypeImpl *type_table_lookup(const char *name)
>>  {
>> -    return g_hash_table_lookup(type_table_get(), name);
>> +    TypeImpl *ret = g_hash_table_lookup(type_table_get(), name);
>> +    if (!ret && type_table_to_initialize) {
>> +        ret = g_hash_table_lookup(type_table_to_initialize, name);
>> +    }
>> +    return ret;
>>  }
>>  
>>  static TypeImpl *type_register_internal(const TypeInfo *info)
>> @@ -573,13 +587,28 @@ static void object_class_foreach_tramp(gpointer key, gpointer value,
>>      data->fn(k, data->opaque);
>>  }
>>  
>> +static void object_class_merge(gpointer key, gpointer value,
>> +                               gpointer opaque)
>> +{
>> +    g_hash_table_insert(type_table_get(), key, value);
>> +}
>> +
>>  void object_class_foreach(void (*fn)(ObjectClass *klass, void *opaque),
>>                            const char *implements_type, bool include_abstract,
>>                            void *opaque)
>>  {
>>      OCFData data = { fn, implements_type, include_abstract, opaque };
>>  
>> -    g_hash_table_foreach(type_table_get(), object_class_foreach_tramp, &data);
>> +    while (type_table_to_initialize &&
>> +           g_hash_table_size(type_table_to_initialize) > 0) {
>> +        g_hash_table_foreach(type_table_to_initialize, object_class_merge,
>> +                             NULL);
>> +        g_hash_table_destroy(type_table_to_initialize);
>> +        type_table_to_initialize = NULL;
>> +
>> +        g_hash_table_foreach(type_table_get(), object_class_foreach_tramp,
>> +                             &data);
>> +    }
>>  }
>>  
>>  int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
>>
> 
> 


[-- Attachment #2: 0001-usb-ehci-add-an-empty-interface-to-expose-a-problem-.patch --]
[-- Type: text/plain, Size: 3765 bytes --]

From 4da22be31d5fc8df887b8c76c609b9844bebe9f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Poussineau?= <hpoussin@reactos.org>
Date: Sun, 5 May 2013 10:31:24 +0200
Subject: [PATCH] usb-ehci: add an empty interface to expose a problem in QOM

Run with qemu-system-ppc (no arguments)

qemu-system-ppc: qom/object.c:82: type_table_add: Assertion `!enumerating' failed.

Program received signal SIGABRT, Aborted.
0xb7fe1430 in __kernel_vsyscall ()
(gdb) bt
 #0  0xb7fe1430 in __kernel_vsyscall ()
 #1  0xb6f27941 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
 #2  0xb6f2ad72 in *__GI_abort () at abort.c:92
 #3  0xb6f20b58 in *__GI___assert_fail (assertion=assertion@entry=0x803809f8 "!enumerating",
     file=file@entry=0x80380adc "qom/object.c", line=line@entry=82,
     function=function@entry=0x80380c6c "type_table_add") at assert.c:81
 #4  0x80197513 in type_table_add (ti=0x80b67bd0) at qom/object.c:82
 #5  type_register_internal (info=0xbfffef0c) at qom/object.c:124
 #6  0x8019764c in type_initialize_interface (parent=0x80b3ec18 "interface",
     ti=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
     ti=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qom/object.c:218
 #7  0x801978fe in type_initialize (ti=<optimized out>) at qom/object.c:271
 #8  type_initialize (ti=0x80b3eb30) at qom/object.c:229
 #9  0x80197dfa in object_class_foreach_tramp (key=0x80b3ebf0, value=0x80b3eb30, opaque=0xbffff03c)
     at qom/object.c:563
 #10 0xb7ef35e2 in g_hash_table_foreach () from /lib/i386-linux-gnu/libglib-2.0.so.0
 #11 0x801980b1 in object_class_foreach (fn=fn@entry=0x80197180 <object_class_get_list_tramp>,
     implements_type=implements_type@entry=0x8039b834 "powerpc-cpu", include_abstract=include_abstract@entry=false,
     opaque=opaque@entry=0xbffff078) at qom/object.c:585
 #12 0x801981ba in object_class_get_list (implements_type=implements_type@entry=0x8039b834 "powerpc-cpu",
     include_abstract=include_abstract@entry=false) at qom/object.c:618
 #13 0x80328d4e in ppc_cpu_class_by_name (name=name@entry=0x8039dc69 "G3")
     at target-ppc/translate_init.c:8003
 #14 0x80328f7a in cpu_ppc_init (cpu_model=cpu_model@entry=0x8039dc69 "G3")
     at target-ppc/translate_init.c:8020
 #15 0x80216724 in ppc_heathrow_init (args=0xbffff2a8) at hw/ppc/mac_oldworld.c:109
 #16 0x80040b81 in main (argc=1, argv=0xbffff4b4, envp=0xbffff4bc) at vl.c:4304
---
 hw/usb/hcd-uhci.c |    4 ++++
 qom/object.c      |    4 ++++
 2 files changed, 8 insertions(+)

diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
index f8c4286..a95ca30 100644
--- a/hw/usb/hcd-uhci.c
+++ b/hw/usb/hcd-uhci.c
@@ -1386,6 +1386,10 @@ static void uhci_register_types(void)
         .instance_size = sizeof(UHCIState),
         .class_size    = sizeof(UHCIPCIDeviceClass),
         .class_init    = uhci_class_init,
+        .interfaces = (InterfaceInfo[]) {
+            { TYPE_INTERFACE },
+            { }
+        }
     };
     int i;
 
diff --git a/qom/object.c b/qom/object.c
index 75e6aac..b8e9f4f 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -76,8 +76,10 @@ static GHashTable *type_table_get(void)
     return type_table;
 }
 
+static bool enumerating = false;
 static void type_table_add(TypeImpl *ti)
 {
+    assert(!enumerating);
     g_hash_table_insert(type_table_get(), (void *)ti->name, ti);
 }
 
@@ -579,7 +581,9 @@ void object_class_foreach(void (*fn)(ObjectClass *klass, void *opaque),
 {
     OCFData data = { fn, implements_type, include_abstract, opaque };
 
+    enumerating = true;
     g_hash_table_foreach(type_table_get(), object_class_foreach_tramp, &data);
+    enumerating = false;
 }
 
 int object_child_foreach(Object *obj, int (*fn)(Object *child, void *opaque),
-- 
1.7.10.4

next prev parent reply	other threads:[~2013-05-05  8:38 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-02 20:08 [Qemu-devel] [PATCH 0/7] ppc/prep: add IBM RS/6000 43p machine Hervé Poussineau
2013-05-02 20:08 ` [Qemu-devel] [PATCH 1/7] pci: add MPC105 PCI host bridge emulation Hervé Poussineau
2013-05-02 21:01   ` [Qemu-devel] [Qemu-ppc] " Alexander Graf
2013-05-03  5:57     ` Hervé Poussineau
2013-05-06 15:01       ` Alexander Graf
2013-05-06 20:57         ` Hervé Poussineau
2013-05-06 22:16           ` Alexander Graf
2013-05-06 22:41           ` Andreas Färber
2013-05-07  5:48             ` Hervé Poussineau
2013-05-09 17:47               ` Blue Swirl
2013-05-02 20:08 ` [Qemu-devel] [PATCH 2/7] qom: handle registration of new types when initializing the first ones Hervé Poussineau
2013-05-03 11:46   ` Andreas Färber
2013-05-05  8:38     ` Hervé Poussineau [this message]
2013-05-02 20:09 ` [Qemu-devel] [PATCH 3/7] m48t59: move ISA ports/memory regions registration to QOM constructor Hervé Poussineau
2013-05-02 20:09 ` [Qemu-devel] [PATCH 4/7] m48t59: register a QOM type for each nvram type we support Hervé Poussineau
2013-05-02 21:29   ` Artyom Tarasenko
2013-05-03  5:50     ` Hervé Poussineau
2013-05-03 23:16       ` Artyom Tarasenko
2013-05-04  5:24         ` Hervé Poussineau
2013-05-02 20:09 ` [Qemu-devel] [PATCH 5/7] m48t59: add a Nvram interface Hervé Poussineau
2013-05-02 20:09 ` [Qemu-devel] [PATCH 6/7] prep: add IBM RS/6000 7248 (43p) machine emulation Hervé Poussineau
2013-05-02 20:09 ` [Qemu-devel] [PATCH 7/7] prep: QOM'ify System I/O Hervé Poussineau
2013-05-03 11:36   ` Andreas Färber
2013-05-04  9:38     ` Hervé Poussineau

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f8c4286 dfblob:a95ca30 dfblob:75e6aac dfblob:b8e9f4f )
 OR (
bs:"usb-ehci: add an empty interface to expose a problem in QOM" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=51861A73.20900@reactos.org \
    --to=hpoussin@reactos.org \
    --cc=afaerber@suse.de \
    --cc=anthony@codemonkey.ws \
    --cc=pbonzini@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).