qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] monitor: Protect outbuf from concurrent access

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH] monitor: Protect outbuf from concurrent access
Date: Thu, 01 Sep 2011 20:34:35 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110516 Lightning/1.0b2 Thunderbird/3.1.10 
On 09/01/2011 02:35 PM, Luiz Capitulino wrote:

Sometimes, when having lots of VMs running on a RHEV host and the user
attempts to close a SPICE window, libvirt will get corrupted json from
QEMU.

After some investigation, I found out that the problem is that different
SPICE threads are calling monitor functions (such as
monitor_protocol_event()) in parallel which causes concurrent access
to the monitor's internal buffer outbuf[].

This fixes the problem by protecting accesses to outbuf[] with a mutex.

Honestly speaking, I'm not completely sure this the best thing to do
because the monitor itself and other qemu subsystems are not thread safe,
so having subsystems like SPICE assuming the contrary seems a bit
catastrophic to me...

Anyways, this commit fixes the problem at hand.


Nack.
This is absolutely a Spice bug. Spice should not be calling into QEMU code from multiple threads. It should only call into QEMU code while it's holding the qemu_mutex.
The right way to fix this is probably to make all of the SpiceCoreInterface callbacks simply write to a file descriptor which can then wake up QEMU to do the operation on behalf of it. It's ugly but the libspice interface is far too tied to QEMU internals in the first place which is the root of the problem. 

Regards,

Anthony Liguori



Signed-off-by: Luiz Capitulino<address@hidden>
---
  monitor.c |   16 +++++++++++++++-
  1 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/monitor.c b/monitor.c
index 04f465a..61d4d93 100644
--- a/monitor.c
+++ b/monitor.c
@@ -57,6 +57,7 @@
  #include "json-parser.h"
  #include "osdep.h"
  #include "cpu.h"
+#include "qemu-thread.h"
  #ifdef CONFIG_SIMPLE_TRACE
  #include "trace.h"
  #endif
@@ -144,6 +145,7 @@ struct Monitor {
      int suspend_cnt;
      uint8_t outbuf[1024];
      int outbuf_index;
+    QemuMutex mutex;
      ReadLineState *rs;
      MonitorControl *mc;
      CPUState *mon_cpu;
@@ -246,10 +248,14 @@ static int monitor_read_password(Monitor *mon, 
ReadLineFunc *readline_func,

  void monitor_flush(Monitor *mon)
  {
+    qemu_mutex_lock(&mon->mutex);
+
      if (mon&&  mon->outbuf_index != 0&&  !mon->mux_out) {
          qemu_chr_fe_write(mon->chr, mon->outbuf, mon->outbuf_index);
          mon->outbuf_index = 0;
      }
+
+    qemu_mutex_unlock(&mon->mutex);
  }

  /* flush at every end of line or if the buffer is full */
@@ -257,6 +263,8 @@ static void monitor_puts(Monitor *mon, const char *str)
  {
      char c;

+    qemu_mutex_lock(&mon->mutex);
+
      for(;;) {
          c = *str++;
          if (c == '\0')
@@ -265,9 +273,14 @@ static void monitor_puts(Monitor *mon, const char *str)
              mon->outbuf[mon->outbuf_index++] = '\r';
          mon->outbuf[mon->outbuf_index++] = c;
          if (mon->outbuf_index>= (sizeof(mon->outbuf) - 1)
-            || c == '\n')
+            || c == '\n') {
+            qemu_mutex_unlock(&mon->mutex);
              monitor_flush(mon);
+            qemu_mutex_lock(&mon->mutex);
+        }
      }
+
+    qemu_mutex_unlock(&mon->mutex);
  }

  void monitor_vprintf(Monitor *mon, const char *fmt, va_list ap)
@@ -5275,6 +5288,7 @@ void monitor_init(CharDriverState *chr, int flags)

      mon = g_malloc0(sizeof(*mon));

+    qemu_mutex_init(&mon->mutex);
      mon->chr = chr;
      mon->flags = flags;
      if (flags&  MONITOR_USE_READLINE) {
reply via email to
[Prev in Thread] Current Thread [Next in Thread]