From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
	"Akihiko Odaki" <akihiko.odaki@daynix.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Stefan Hajnoczi" <stefanha@redhat.com>,
	"Michael Tokarev" <mjt@tls.msk.ru>
Subject: [Stable-8.2.1 58/71] coroutine-ucontext: Save fake stack for pooled coroutine
Date: Sun, 28 Jan 2024 20:50:21 +0300
Message-ID: <20240128175035.812352-4-mjt@tls.msk.ru>
In-Reply-To: <qemu-stable-8.2.1-20240128204849@cover.tls.msk.ru>

From: Akihiko Odaki <akihiko.odaki@daynix.com>

A coroutine may be pooled even after COROUTINE_TERMINATE if
CONFIG_COROUTINE_POOL is enabled, and the fake stack should be saved in
such a case to keep AddressSanitizerUseAfterReturn working. Even worse,
I'm seeing stack corruption without the fake stack being saved.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240117-asan-v2-1-26f9e1ea6e72@daynix.com>
(cherry picked from commit d9945ccda08ef83b09ac7725b6ee2d1959f2c0c0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index 7b304c79d9..8ef603d081 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -119,13 +119,11 @@ void finish_switch_fiber(void *fake_stack_save)
 
 /* always_inline is required to avoid TSan runtime fatal errors. */
 static inline __attribute__((always_inline))
-void start_switch_fiber_asan(CoroutineAction action, void **fake_stack_save,
+void start_switch_fiber_asan(void **fake_stack_save,
                              const void *bottom, size_t size)
 {
 #ifdef CONFIG_ASAN
-    __sanitizer_start_switch_fiber(
-            action == COROUTINE_TERMINATE ? NULL : fake_stack_save,
-            bottom, size);
+    __sanitizer_start_switch_fiber(fake_stack_save, bottom, size);
 #endif
 }
 
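Review bot: dropping the `action` parameter moves the "pass NULL or pass the real save slot" decision to every call site, but `start_switch_fiber_asan` itself no longer says what a NULL `fake_stack_save` means; add a one-line comment above the function stating that NULL tells ASan the current fake stack is being abandoned (the coroutine is going away), while a non-NULL pointer preserves it for a later `finish_switch_fiber`, so future callers don't reintroduce an unconditional NULL on the terminate path.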
@@ -165,7 +163,7 @@ static void coroutine_trampoline(int i0, int i1)
     if (!sigsetjmp(self->env, 0)) {
         CoroutineUContext *leaderp = get_ptr_leader();
 
-        start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save,
+        start_switch_fiber_asan(&fake_stack_save,
                                 leaderp->stack, leaderp->stack_size);
         start_switch_fiber_tsan(&fake_stack_save, self, true); /* true=caller */
         siglongjmp(*(sigjmp_buf *)co->entry_arg, 1);
@@ -226,8 +224,7 @@ Coroutine *qemu_coroutine_new(void)
 
     /* swapcontext() in, siglongjmp() back out */
     if (!sigsetjmp(old_env, 0)) {
-        start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save, co->stack,
-                                co->stack_size);
+        start_switch_fiber_asan(&fake_stack_save, co->stack, co->stack_size);
         start_switch_fiber_tsan(&fake_stack_save,
                                 co, false); /* false=not caller */
 
@@ -269,10 +266,28 @@ static inline void valgrind_stack_deregister(CoroutineUContext *co)
 #endif
 #endif
 
+#if defined(CONFIG_ASAN) && defined(CONFIG_COROUTINE_POOL)
+static void coroutine_fn terminate_asan(void *opaque)
+{
+    CoroutineUContext *to = DO_UPCAST(CoroutineUContext, base, opaque);
+
+    set_current(opaque);
+    start_switch_fiber_asan(NULL, to->stack, to->stack_size);
+    G_STATIC_ASSERT(!IS_ENABLED(CONFIG_TSAN));
+    siglongjmp(to->env, COROUTINE_ENTER);
+}
+#endif
+
 void qemu_coroutine_delete(Coroutine *co_)
 {
     CoroutineUContext *co = DO_UPCAST(CoroutineUContext, base, co_);
 
+#if defined(CONFIG_ASAN) && defined(CONFIG_COROUTINE_POOL)
+    co_->entry_arg = qemu_coroutine_self();
+    co_->entry = terminate_asan;
+    qemu_coroutine_switch(co_->entry_arg, co_, COROUTINE_ENTER);
+#endif
+
 #ifdef CONFIG_VALGRIND_H
     valgrind_stack_deregister(co);
 #endif
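Review bot: the delete path is subtle enough to deserve a comment in `qemu_coroutine_delete` and above `terminate_asan`. It reuses `entry`/`entry_arg` on an already-terminated coroutine, relies on the trampoline loop re-invoking `entry` when the coroutine is entered again, and `terminate_asan` then hands control back with `siglongjmp(to->env, COROUTINE_ENTER)` directly instead of going through `qemu_coroutine_switch`; the point is that the NULL passed to `start_switch_fiber_asan(NULL, to->stack, to->stack_size)` runs on the dying coroutine's own stack so ASan can release its fake stack before the real stack is freed below. Because that direct jump skips `start_switch_fiber_tsan`, `G_STATIC_ASSERT(!IS_ENABLED(CONFIG_TSAN))` turns an ASan+pool+TSan build into a bare static-assert failure; a short comment next to it saying why that combination is unsupported would save the next person a debugging session, and the ignored `COROUTINE_ENTER` return from `qemu_coroutine_switch` could be noted as intentional.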
@@ -305,8 +320,10 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
 
     ret = sigsetjmp(from->env, 0);
     if (ret == 0) {
-        start_switch_fiber_asan(action, &fake_stack_save, to->stack,
-                                to->stack_size);
+        start_switch_fiber_asan(IS_ENABLED(CONFIG_COROUTINE_POOL) ||
+                                action != COROUTINE_TERMINATE ?
+                                    &fake_stack_save : NULL,
+                                to->stack, to->stack_size);
         start_switch_fiber_tsan(&fake_stack_save,
                                 to, false); /* false=not caller */
         siglongjmp(to->env, action);
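Review bot: the condition in the new call parses as `(IS_ENABLED(CONFIG_COROUTINE_POOL) || action != COROUTINE_TERMINATE) ? &fake_stack_save : NULL`, which is what is intended, but with the `?` pushed onto a continuation line the unparenthesized `||` / `!=` mix is easy to misread; wrap the condition in parentheses, or hoist it into a named local such as `bool keep_fake_stack`, and add a comment that a pooled coroutine keeps its fake stack on terminate because it will be re-entered, with the fake stack released later by `qemu_coroutine_delete`.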
-- 
2.39.2


