From: Stefan Hajnoczi
Date: Wed, 28 Sep 2011 17:47:41 +0100
Subject: Re: [Qemu-devel] virtqueue corruption in emulation mode?
To: "Sinha, Ani"
Cc: "qemu-devel@nongnu.org"

On Wed, Sep 28, 2011 at 3:23 PM, Sinha, Ani wrote:
>
> On Sep 28, 2011, at 1:51 AM, Stefan Hajnoczi wrote:
>
>> On Wed, Sep 28, 2011 at 3:01 AM, Sinha, Ani wrote:
>>>
>>> On Sep 27, 2011, at 12:17 AM, Stefan Hajnoczi wrote:
>>>
>>>> On Mon, Sep 26, 2011 at 07:16:56PM -0500, Sinha, Ani wrote:
>>>>> I am using the virtqueue (virtqueue_pop, virtqueue_push etc) in the emulated mode (non-kvm mode) from an IO thread (a separate thread different from the main QEMU thread). What I am observing is that the virtqueue memory seems to get corrupt. Either qemu crashes while performing virtqueue_push() (virtqueue_push() -> virtqueue_fill() -> bring_used_idx() -> lduw_phys() -> qemu_get_ram_ptr() -> "bad ram offset") or crashes when the guest accesses bad memory while using the virtqueue. Now this never ever happens when I run QEMU in KVM mode (/dev/kvm present) OR when I use my functions from within the main qemu thread. I am unable to figure out why this is happening. I have looked into my code over and over again and I can't seem to explain this behavior. Can any of you guys give me any inkling?
>>>>
>>>> QEMU is not thread-safe in general. It uses a big lock to protect most
>>>> of its internal state.
>>>
>>>
>>> I see. So maybe I should do something like qemu_set_fd_handler(fd, …) where fd is a pipe and the handler does the virtqueue_push() etc?
>>> Now my question is, is it safe to do elem = virtqueue_pop(vq) from the main event loop, then do some work on the elem popped out in a worker thread and then at some later point do a virtqueue_push(vq, elem) from that handler (which is called by main_loop() -> main_loop_wait())? In other words, the vq reference is being used from the main event loop at two different points from two different functions but not in a contiguous fashion within the same function.
>>
>> Yes but do you need a helper thread? Most of QEMU is based on
>> qemu_set_fd_handler() and callbacks, including for host network and
>> disk I/O. If you follow the way QEMU does things it should be
>> easiest.
>
> I need a helper thread to do blocking IO. The device IOCTLS are inherently blocking, unfortunately.

posix-aio-compat.c already implements a threadpool. It is geared towards
using the QEMU block layer (BlockDriverState) but the pure ioctl codepath
can be used without a BlockDriverState by passing NULL. So this could
save you some effort, check out paio_submit().

Stefan
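The hand-off pattern discussed in the thread (pop on the main loop, blocking work on a helper thread, push from a pipe fd handler back on the main loop) as an added example; this is not code from the thread or from QEMU. It assumes a stand-in `Elem` struct, a `poll()` loop in place of `qemu_set_fd_handler()`, and a counter in place of `virtqueue_push()`, so that the only thing crossing the thread boundary is a pointer written into a pipe.

```c
#include <poll.h>
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_WORKERS 16

/* Stand-in for QEMU's VirtQueueElement (assumed shape, not QEMU's). */
typedef struct { uint32_t index; uint32_t len; } Elem;

static int completion_fd[2];   /* pipe: helper threads write, main loop reads */

/* Helper thread: does the blocking work, then hands the element back by
 * writing its pointer into the pipe. It never touches the virtqueue, so no
 * QEMU-side state is shared across threads. A pointer is smaller than
 * PIPE_BUF, so the write is atomic even with several helpers running. */
static void *helper(void *arg) {
    Elem *e = arg;
    e->len = e->index * 2;          /* stands in for the blocking ioctl */
    if (write(completion_fd[1], &e, sizeof e) != (ssize_t)sizeof e) abort();
    return NULL;
}

/* Main-loop read handler (what qemu_set_fd_handler() would register on
 * completion_fd[0]): the only place that would call virtqueue_push(). */
static uint32_t completion_handler(void) {
    Elem *e;
    if (read(completion_fd[0], &e, sizeof e) != (ssize_t)sizeof e) return 0;
    uint32_t len = e->len;          /* virtqueue_push(vq, e, len) would go here */
    free(e);
    return len;
}

/* Spawn n helpers and drive a minimal main loop until all have completed.
 * Returns the total "used" length that was pushed from the main loop. */
uint32_t run_demo(unsigned n) {
    pthread_t tid[MAX_WORKERS];
    uint32_t total = 0;
    if (n > MAX_WORKERS || pipe(completion_fd) != 0) return 0;
    for (unsigned i = 0; i < n; i++) {
        Elem *e = malloc(sizeof *e);    /* plays the role of virtqueue_pop() */
        if (!e) abort();
        e->index = i + 1;
        pthread_create(&tid[i], NULL, helper, e);
    }
    struct pollfd pfd = { .fd = completion_fd[0], .events = POLLIN };
    for (unsigned done = 0; done < n; done++) {
        while (poll(&pfd, 1, -1) < 1 || !(pfd.revents & POLLIN)) { }
        total += completion_handler();
    }
    for (unsigned i = 0; i < n; i++) pthread_join(tid[i], NULL);
    close(completion_fd[0]);
    close(completion_fd[1]);
    return total;
}
```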