From: "Daniel P. Berrange" <berrange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-devel@nongnu.org, armbru@redhat.com
Subject: Re: [Qemu-devel] chardev's and fd's in monitors
Date: Thu, 20 Oct 2016 09:34:36 +0100 [thread overview]
Message-ID: <20161020083436.GB12145@redhat.com> (raw)
In-Reply-To: <1aa4a32c-3816-1c8d-6722-b54c9f22fe09@redhat.com>
On Wed, Oct 19, 2016 at 10:51:07PM +0200, Paolo Bonzini wrote:
>
>
> On 19/10/2016 19:01, Dr. David Alan Gilbert wrote:
> > * Paolo Bonzini (pbonzini@redhat.com) wrote:
> >>
> >>
> >> On 18/10/2016 16:01, Daniel P. Berrange wrote:
> >>>>>
> >>>>> I already use error_report's in places in migration threads of various
> >>>>> types; I'm not sure if that's a problem.
> >>> Unless those places are protected by the big qemu lock, that sounds
> >>> not good. error_report calls into error_vprintf which checks the
> >>> 'cur_mon' global "Monitor" pointer. This variable is updated at
> >>> runtime - eg in qmp_human_monitor_command(), monitor_qmp_read(),
> >>> monitor_read(), etc. So if migration threads outside the BQL are
> >>> calling error_report() that could well cause problems. If you
> >>> are lucky messages will merely end up going to stderr instead of
> >>> the monitor, but in worst case I wouldn't be surprised if there
> >>> is a crash possibility in some race conditions.
> >>
> >> Writes to chardevs *are* thread-safe (assuming qio_channel_create_watch
> >> is thread-safe; it seems to be).
> >
> > Hmm that's useful (although it doesn't solve error_report because error_vprintf
> > is racy itself).
>
> How is it racy? Because of the case where cur_mon changes under the
> feet of error_vprintf? I guess that can be ignored for now (just a TODO
> comment will do).
Yes, the usage of cur_mon is unsafe as there's a TOCTOU race in
there that I believe can result in a NULL pointer crash.
eg these two methods:
static inline bool monitor_is_qmp(const Monitor *mon)
{
return (mon->flags & MONITOR_USE_CONTROL);
}
bool monitor_cur_is_qmp(void)
{
return cur_mon && monitor_is_qmp(cur_mon);
}
In using error_vprintf() from a non-main thread and not holding
the big QEMU lock, then 'cur_mon' can change between time we
check that its non-NULL, and when accessing cur_mon->flags.
Admittedly its a rare race - you could have to have an error
being reported by background migration, concurrently with a
monitor command being invoked, but that will hit someone
eventually unless I'm missing some synchronization somewhere.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
next prev parent reply other threads:[~2016-10-20 8:34 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-12 19:15 [Qemu-devel] chardev's and fd's in monitors Dr. David Alan Gilbert
2016-10-12 20:02 ` Marc-André Lureau
2016-10-13 15:47 ` Dr. David Alan Gilbert
2016-10-18 10:04 ` Daniel P. Berrange
2016-10-18 11:32 ` Dr. David Alan Gilbert
2016-10-18 11:41 ` Marc-André Lureau
2016-10-18 11:44 ` Marc-André Lureau
2016-10-18 12:01 ` Daniel P. Berrange
2016-10-18 13:25 ` Dr. David Alan Gilbert
2016-10-18 13:35 ` Daniel P. Berrange
2016-10-18 13:52 ` Dr. David Alan Gilbert
2016-10-18 14:01 ` Daniel P. Berrange
2016-10-18 18:53 ` Dr. David Alan Gilbert
2016-10-19 7:45 ` Daniel P. Berrange
2016-10-19 8:00 ` Markus Armbruster
2016-10-19 8:12 ` Dr. David Alan Gilbert
2016-10-19 8:42 ` Daniel P. Berrange
2016-10-19 9:48 ` Markus Armbruster
2016-10-19 10:05 ` Dr. David Alan Gilbert
2016-10-19 10:16 ` Daniel P. Berrange
2016-10-19 12:16 ` Markus Armbruster
2016-10-19 12:21 ` Daniel P. Berrange
2016-10-19 18:06 ` Dr. David Alan Gilbert
2016-10-20 8:37 ` Daniel P. Berrange
2016-10-20 8:53 ` Marc-André Lureau
2016-10-20 10:45 ` Markus Armbruster
2016-10-20 16:56 ` Paolo Bonzini
2016-10-21 9:12 ` Markus Armbruster
2016-10-21 21:06 ` Paolo Bonzini
2016-10-24 7:07 ` Markus Armbruster
2016-10-21 9:35 ` Daniel P. Berrange
2016-10-20 16:59 ` Dr. David Alan Gilbert
2016-10-20 8:55 ` Markus Armbruster
2016-10-20 9:03 ` Daniel P. Berrange
2016-10-20 9:58 ` Dr. David Alan Gilbert
2016-10-20 10:42 ` Markus Armbruster
2016-10-20 11:01 ` Dr. David Alan Gilbert
2016-10-20 11:10 ` Daniel P. Berrange
2016-10-20 11:45 ` Markus Armbruster
2016-10-20 11:08 ` Daniel P. Berrange
2016-10-20 11:57 ` Markus Armbruster
2016-10-20 17:56 ` Dr. David Alan Gilbert
2016-10-21 9:06 ` Markus Armbruster
2016-10-21 9:37 ` Daniel P. Berrange
2016-10-21 11:56 ` Dr. David Alan Gilbert
2016-10-21 9:45 ` Dr. David Alan Gilbert
2016-10-19 12:26 ` Paolo Bonzini
2016-10-19 17:01 ` Dr. David Alan Gilbert
2016-10-19 20:51 ` Paolo Bonzini
2016-10-20 8:34 ` Daniel P. Berrange [this message]
2016-10-18 12:08 ` Markus Armbruster
2016-10-18 12:13 ` Daniel P. Berrange
2016-10-18 12:43 ` Dr. David Alan Gilbert
2016-10-18 10:06 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161020083436.GB12145@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.