From: "Daniel P. Berrange" <berrange@redhat.com>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Peter Xu <peterx@redhat.com>,
qemu-devel@nongnu.org, Juan Quintela <quintela@redhat.com>
Subject: Re: [Qemu-devel] [PATCH RFC 1/6] io: only allow return path for socket typed
Date: Fri, 19 May 2017 15:51:26 +0100 [thread overview]
Message-ID: <20170519145126.GA17164@redhat.com> (raw)
In-Reply-To: <20170519143312.GP2081@work-vm>
On Fri, May 19, 2017 at 03:33:12PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berrange@redhat.com) wrote:
> > > shutdown() is safe, in that it stops any other threads accessing the fd
> > > but doesn't allow it's reallocation until the close; We perform the
> > > close only when we've joined all other threads that were using the fd.
> > > Any of the threads that do new calls on the fd get an error and quickly
> > > fall down their error paths.
> >
> > Ahh that's certainly an interesting scenario. That would certainly be
> > a problem with the migration code when this was originally written.
> > It had two QEMUFile structs each with an 'int fd' field, so when you
> > close 'fd' on one QEMUFile struct, it wouldn't update the other QEMUFile
> > used by another thread.
> >
> > Since we switched over to use QIOChannel though, I think the thread
> > scenario you describe should be avoided entirely. When you have multiple
> > QEMUFile objects, they each have a reference counted pointer to the same
> > underlying QIOChannel object instance. So when QEMUFile triggers a call
> > to qio_channel_close() in one thread, that'll set fd=-1 in the QIOChannel.
> > Since the other threads have a reference to the same QIOChannel object,
> > they'll now see this fd == -1 straightaway.
> >
> > So, IIUC, this should make the need for shutdown() redundant (at least
> > for the thread race conditions you describe).
>
> That's not thread safe unless you're doing some very careful locking.
> Consider:
> T1 T2
> oldfd=fd tmp=fd
> fd=-1
> close(oldfd)
> unrelated open()
> read(tmp,...
>
> In practice every use of fd will be a copy into a tmp and then the
> syscall; the unrelated open() could happen in another thread.
> (OK, the gap between the tmp and the read is tiny, although if we're
> doing multiple operations chances are the compiler will optimise
> it to the top of a loop).
>
> There's no way to make that code safe.
Urgh, yes, I see what you mean.
Currently the QIOChannelCommand implementation, uses a pair of anonymous
pipes for stdin/out to the child process. I wonder if we could switch
that to use socketpair() instead, thus letting us shutdown() on it too.
Though I guess it would be sufficient for qio_channel_shutdown() to
merely kill the child PID, while leaving the FDs open, as then you'd
get EOF and/or EPIPE on the read/writes.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2017-05-19 14:51 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-19 6:43 [Qemu-devel] [PATCH RFC 0/6] migration: enable return-path for precopy Peter Xu
2017-05-19 6:43 ` [Qemu-devel] [PATCH RFC 1/6] io: only allow return path for socket typed Peter Xu
2017-05-19 8:25 ` Daniel P. Berrange
2017-05-19 8:30 ` Daniel P. Berrange
2017-05-19 9:55 ` Peter Xu
2017-05-19 12:54 ` Dr. David Alan Gilbert
2017-05-19 9:51 ` Peter Xu
2017-05-19 10:03 ` Daniel P. Berrange
2017-05-19 12:51 ` Dr. David Alan Gilbert
2017-05-19 12:56 ` Daniel P. Berrange
2017-05-19 13:02 ` Dr. David Alan Gilbert
2017-05-19 13:13 ` Daniel P. Berrange
2017-05-19 14:33 ` Dr. David Alan Gilbert
2017-05-19 14:51 ` Daniel P. Berrange [this message]
2017-05-19 18:41 ` Dr. David Alan Gilbert
2017-05-22 8:26 ` Daniel P. Berrange
2017-05-19 6:43 ` [Qemu-devel] [PATCH RFC 2/6] migration: isolate return path on src Peter Xu
2017-05-30 13:31 ` Juan Quintela
2017-05-19 6:43 ` [Qemu-devel] [PATCH RFC 3/6] migration: fix leak of src file on dst Peter Xu
2017-05-30 15:49 ` Juan Quintela
2017-05-31 9:51 ` Juan Quintela
2017-05-19 6:43 ` [Qemu-devel] [PATCH RFC 4/6] migration: shut src return path unconditionally Peter Xu
2017-05-19 19:28 ` Dr. David Alan Gilbert
2017-05-30 15:50 ` Juan Quintela
2017-05-31 7:31 ` Peter Xu
2017-05-31 7:36 ` Juan Quintela
2017-05-30 15:59 ` Juan Quintela
2017-06-05 20:22 ` Eric Blake
2017-06-06 2:00 ` Peter Xu
2017-05-19 6:43 ` [Qemu-devel] [PATCH RFC 5/6] migration: let MigrationState be an QObject Peter Xu
2017-05-30 15:57 ` Juan Quintela
2017-05-31 7:33 ` Peter Xu
2017-05-19 6:43 ` [Qemu-devel] [PATCH RFC 6/6] migration: enable return path for precopy Peter Xu
2017-05-30 15:59 ` Juan Quintela
2017-05-31 7:38 ` Peter Xu
2017-05-31 7:43 ` Juan Quintela
2017-05-31 8:04 ` Peter Xu
2017-05-31 8:12 ` Juan Quintela
2017-05-19 6:48 ` [Qemu-devel] [PATCH RFC 0/6] migration: enable return-path " Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170519145126.GA17164@redhat.com \
--to=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.