[PATCH 12/31] contrib/plugins: Use GRWLock in execlog

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 12/31] contrib/plugins: Use GRWLock in execlog

From:	Alex Bennée
Subject:	[PATCH 12/31] contrib/plugins: Use GRWLock in execlog
Date:	Mon, 25 Sep 2023 15:48:35 +0100

From: Akihiko Odaki <akihiko.odaki@daynix.com>

execlog had the following comment:
> As we could have multiple threads trying to do this we need to
> serialise the expansion under a lock. Threads accessing already
> created entries can continue without issue even if the ptr array
> gets reallocated during resize.

However, when the ptr array gets reallocated, the other threads may have
a stale reference to the old buffer. This results in use-after-free.

Use GRWLock to properly fix this issue.

Fixes: 3d7caf145e ("contrib/plugins: add execlog to log instruction execution 
and memory access")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230912224107.29669-5-akihiko.odaki@daynix.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 contrib/plugins/execlog.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
index 7129d526f8..82dc2f584e 100644
--- a/contrib/plugins/execlog.c
+++ b/contrib/plugins/execlog.c
@@ -19,7 +19,7 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_version = 
QEMU_PLUGIN_VERSION;
 
 /* Store last executed instruction on each vCPU as a GString */
 static GPtrArray *last_exec;
-static GMutex expand_array_lock;
+static GRWLock expand_array_lock;
 
 static GPtrArray *imatches;
 static GArray *amatches;
@@ -28,18 +28,16 @@ static GArray *amatches;
  * Expand last_exec array.
  *
  * As we could have multiple threads trying to do this we need to
- * serialise the expansion under a lock. Threads accessing already
- * created entries can continue without issue even if the ptr array
- * gets reallocated during resize.
+ * serialise the expansion under a lock.
  */
 static void expand_last_exec(int cpu_index)
 {
-    g_mutex_lock(&expand_array_lock);
+    g_rw_lock_writer_lock(&expand_array_lock);
     while (cpu_index >= last_exec->len) {
         GString *s = g_string_new(NULL);
         g_ptr_array_add(last_exec, s);
     }
-    g_mutex_unlock(&expand_array_lock);
+    g_rw_lock_writer_unlock(&expand_array_lock);
 }
 
 /**
@@ -51,8 +49,10 @@ static void vcpu_mem(unsigned int cpu_index, 
qemu_plugin_meminfo_t info,
     GString *s;
 
     /* Find vCPU in array */
+    g_rw_lock_reader_lock(&expand_array_lock);
     g_assert(cpu_index < last_exec->len);
     s = g_ptr_array_index(last_exec, cpu_index);
+    g_rw_lock_reader_unlock(&expand_array_lock);
 
     /* Indicate type of memory access */
     if (qemu_plugin_mem_is_store(info)) {
@@ -80,10 +80,14 @@ static void vcpu_insn_exec(unsigned int cpu_index, void 
*udata)
     GString *s;
 
     /* Find or create vCPU in array */
+    g_rw_lock_reader_lock(&expand_array_lock);
     if (cpu_index >= last_exec->len) {
+        g_rw_lock_reader_unlock(&expand_array_lock);
         expand_last_exec(cpu_index);
+        g_rw_lock_reader_lock(&expand_array_lock);
     }
     s = g_ptr_array_index(last_exec, cpu_index);
+    g_rw_lock_reader_unlock(&expand_array_lock);
 
     /* Print previous instruction in cache */
     if (s->len) {
-- 
2.39.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 10/31] gdbstub: Fix target.xml response, (continued)
- [PATCH 10/31] gdbstub: Fix target.xml response, Alex Bennée, 2023/09/25
- [PATCH 06/31] configure: allow user to override docker engine, Alex Bennée, 2023/09/25
- [PATCH 04/31] docs: mark CRIS support as deprecated, Alex Bennée, 2023/09/25
  - Re: [PATCH 04/31] docs: mark CRIS support as deprecated, Daniel P . Berrangé, 2023/09/25
  - Re: [PATCH 04/31] docs: mark CRIS support as deprecated, Daniel P . Berrangé, 2023/09/25
    - Re: [PATCH 04/31] docs: mark CRIS support as deprecated, Alex Bennée, 2023/09/25
  - Re: [PATCH 04/31] docs: mark CRIS support as deprecated, Alex Bennée, 2023/09/25
- [PATCH 05/31] tests/docker: make docker engine choice entirely configure driven, Alex Bennée, 2023/09/25
  - Re: [PATCH 05/31] tests/docker: make docker engine choice entirely configure driven, Paolo Bonzini, 2023/09/25
- [PATCH 07/31] configure: remove gcc version suffixes, Alex Bennée, 2023/09/25
- [PATCH 12/31] contrib/plugins: Use GRWLock in execlog, Alex Bennée <=
- [PATCH 08/31] configure: ensure dependency for cross-compile setup, Alex Bennée, 2023/09/25
  - Re: [PATCH 08/31] configure: ensure dependency for cross-compile setup, Paolo Bonzini, 2023/09/25
    - Re: [PATCH 08/31] configure: ensure dependency for cross-compile setup, Alex Bennée, 2023/09/25
    - Re: [PATCH 08/31] configure: ensure dependency for cross-compile setup, Paolo Bonzini, 2023/09/25
    - Re: [PATCH 08/31] configure: ensure dependency for cross-compile setup, Peter Maydell, 2023/09/25
- [PATCH 13/31] gdbstub: Introduce GDBFeature structure, Alex Bennée, 2023/09/25
- [PATCH 14/31] target/arm: Move the reference to arm-core.xml, Alex Bennée, 2023/09/25
- [PATCH 15/31] hw/core/cpu: Return static value with gdb_arch_name(), Alex Bennée, 2023/09/25
- [PATCH 11/31] plugins: Check if vCPU is realized, Alex Bennée, 2023/09/25
- [PATCH 19/31] gdbstub: Remove gdb_has_xml variable, Alex Bennée, 2023/09/25

Prev by Date: [PATCH 07/31] configure: remove gcc version suffixes
Next by Date: [PATCH 08/31] configure: ensure dependency for cross-compile setup
Previous by thread: [PATCH 07/31] configure: remove gcc version suffixes
Next by thread: [PATCH 08/31] configure: ensure dependency for cross-compile setup
Index(es):
- Date
- Thread