[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] chardev's and fd's in monitors
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] chardev's and fd's in monitors |
Date: |
Thu, 20 Oct 2016 09:34:36 +0100 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Wed, Oct 19, 2016 at 10:51:07PM +0200, Paolo Bonzini wrote:
>
>
> On 19/10/2016 19:01, Dr. David Alan Gilbert wrote:
> > * Paolo Bonzini (address@hidden) wrote:
> >>
> >>
> >> On 18/10/2016 16:01, Daniel P. Berrange wrote:
> >>>>>
> >>>>> I already use error_report's in places in migration threads of various
> >>>>> types; I'm not sure if that's a problem.
> >>> Unless those places are protected by the big qemu lock, that sounds
> >>> not good. error_report calls into error_vprintf which checks the
> >>> 'cur_mon' global "Monitor" pointer. This variable is updated at
> >>> runtime - eg in qmp_human_monitor_command(), monitor_qmp_read(),
> >>> monitor_read(), etc. So if migration threads outside the BQL are
> >>> calling error_report() that could well cause problems. If you
> >>> are lucky messages will merely end up going to stderr instead of
> >>> the monitor, but in worst case I wouldn't be surprised if there
> >>> is a crash possibility in some race conditions.
> >>
> >> Writes to chardevs *are* thread-safe (assuming qio_channel_create_watch
> >> is thread-safe; it seems to be).
> >
> > Hmm that's useful (although it doesn't solve error_report because
> > error_vprintf
> > is racy itself).
>
> How is it racy? Because of the case where cur_mon changes under the
> feet of error_vprintf? I guess that can be ignored for now (just a TODO
> comment will do).
Yes, the usage of cur_mon is unsafe as there's a TOCTOU race in
there that I believe can result in a NULL pointer crash.
eg these two methods:
static inline bool monitor_is_qmp(const Monitor *mon)
{
return (mon->flags & MONITOR_USE_CONTROL);
}
bool monitor_cur_is_qmp(void)
{
return cur_mon && monitor_is_qmp(cur_mon);
}
In using error_vprintf() from a non-main thread and not holding
the big QEMU lock, then 'cur_mon' can change between time we
check that its non-NULL, and when accessing cur_mon->flags.
Admittedly its a rare race - you could have to have an error
being reported by background migration, concurrently with a
monitor command being invoked, but that will hit someone
eventually unless I'm missing some synchronization somewhere.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
- Re: [Qemu-devel] chardev's and fd's in monitors, (continued)
- Re: [Qemu-devel] chardev's and fd's in monitors, Markus Armbruster, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Dr. David Alan Gilbert, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Daniel P. Berrange, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Markus Armbruster, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Daniel P. Berrange, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Dr. David Alan Gilbert, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Daniel P. Berrange, 2016/10/20
- Re: [Qemu-devel] chardev's and fd's in monitors, Paolo Bonzini, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Dr. David Alan Gilbert, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors, Paolo Bonzini, 2016/10/19
- Re: [Qemu-devel] chardev's and fd's in monitors,
Daniel P. Berrange <=
Re: [Qemu-devel] chardev's and fd's in monitors, Markus Armbruster, 2016/10/18
Re: [Qemu-devel] chardev's and fd's in monitors, Daniel P. Berrange, 2016/10/18