From: Kevin Wolf <kwolf@redhat.com>
To: Jorge Merlino <jorge.merlino@canonical.com>
Cc: qemu-devel@nongnu.org, Alberto Garcia <berto@igalia.com>,
Hanna Reitz <hreitz@redhat.com>,
qemu-block@nongnu.org
Subject: Re: [PATCH] throttle-group: fix race condition when using iothreads
Date: Wed, 11 Mar 2026 10:37:38 +0100 [thread overview]
Message-ID: <abE34qeQY36q2PkY@redhat.com> (raw)
In-Reply-To: <20260310-fix-race-condition-b4-v1-1-09b9b9262a58@canonical.com>
Am 11.03.2026 um 00:08 hat Jorge Merlino geschrieben:
> There is a race condition on the value of throttle_timers on the
> ThrottleGroupMember structure. Those timers should be protected by the
> ThrottleGroup lock but sometimes are read without the lock and the code
> expects their value to remain constant.
>
> In particular, there is an assertion that can be false as the timers can
> change between their value is checked and the assertion is run.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3194
>
> Signed-off-by: Jorge Merlino <jorge.merlino@canonical.com>
For context, there was another attempt a while ago to fix this race:
https://patchew.org/QEMU/20251117011045.1232-1-luzhipeng@cestc.cn/
Unfortunately, neither the author nor Berto follow up on my response, so
it went nowhere.
As you can see, my conclusion then was, too, that the locking needs to
be extended. So in that respect, I agree with your patch.
I'm not completely clear on how much code needs to be covered by the
lock. Is it okay for throttle_group_restart_queue_entry() to run only
after the timer has been rescheduled?
Also relevant context: Commit 25b8e4d, which introduced the assertion
and stated that the situation shouldn't happen.
> This patch fixes a race condition on an assertion on the value of the
> ThrottleGroupMember throttle_timers.
>
> The patch is minimal as it changes only a few lines. It will probably
> have to be refactored, maybe removing part of the code of the
> throttle_group_restart_queue procedure and duplicating it before the
> call. As it is now, this procedure needs to be called with the
> ThrottleGroup lock held as it will unlock it during its execution.
>
> I left it as is now so that the changes are clear for review. As I'm
> messing with locks and I'm not an expert on this codebase I'm not sure
> if there could be side effects I'm not aware of.
Yes, there are clearly things to be improved so that lock/unlock happen
in the same function, but let's first figure out what actually needs to
be done before we worry about the refactoring.
Kevin
next prev parent reply other threads:[~2026-03-11 9:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 23:08 [PATCH] throttle-group: fix race condition when using iothreads Jorge Merlino
2026-03-11 9:37 ` Kevin Wolf [this message]
2026-03-11 11:59 ` Alberto Garcia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abE34qeQY36q2PkY@redhat.com \
--to=kwolf@redhat.com \
--cc=berto@igalia.com \
--cc=hreitz@redhat.com \
--cc=jorge.merlino@canonical.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox