Re: [Qemu-devel] Segfaults in chardev due to races

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Segfaults in chardev due to races

From:	Max Reitz
Subject:	Re: [Qemu-devel] Segfaults in chardev due to races
Date:	Wed, 23 Jan 2019 16:33:14 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On 22.12.18 10:17, Paolo Bonzini wrote:
> On 21/12/18 23:31, Max Reitz wrote:
>> I suppose the issue is that QMP events are sent by one thread, and
>> client disconnects are handled by a different one.  So if a QMP event is
>> sent while a client disconnects concurrently, races may occur; and the
>> only protection against concurrent access appears to be the
>> chr_write_lock, which I don't think is enough.
> 
> I think disconnection (tcp_chr_disconnect) has to take the
> chr_write_lock too.

That seems to fix the issue for me (can also be reproduced by running
iotest 169 in parallel), but how should this be implemented?  I suppose
tcp_chr_disconnect() can't really take the lock itself, because it's
called by tcp_chr_write() which is invoked with the lock held.

Max

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] Segfaults in chardev due to races, Max Reitz <=

Prev by Date: Re: [Qemu-devel] [PATCH v2] hw/vfio/common: Refactor container initialization
Next by Date: Re: [Qemu-devel] [RFC PATCH v4 07/44] hw/mips/Makefile.objs: Create CONFIG_* for r4k, malta, mipssim boards
Previous by thread: Re: [Qemu-devel] [PATCH v5 00/11] backup-top filter driver for backup
Next by thread: [Qemu-devel] [PATCH v4] hw/vfio/common: Refactor container initialization
Index(es):
- Date
- Thread