From nobody Mon Feb 9 21:21:37 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=quarantine dis=quarantine) header.from=huawei.com ARC-Seal: i=1; a=rsa-sha256; t=1664375175; cv=none; d=zohomail.com; s=zohoarc; b=Wb7hO7Vj8aNt7DiC+1XpWHgRPX2/XbQ45WpyAKnF4eklFURpJdAgYW+ZcDWGJ+rRAstmCBQ4OhGk4LnQ5dPDABHd+tFCBWrjPTcWl1vVz/2Rc9W3GxDSL5ClrTY159Z789F2fnAZ9PLLdG5BSyxZg7+0qNKqmzsL6VdqGk2JKJY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664375175; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=o9M8EEyMvzE9vS/FtuOiNG8wA1qY4nQJ3bgoo7S40OA=; b=Y5oTkW5CrOpfbQWdiAIkAZVKyfdniFbYxeT4Ub7i2DqweyGcU1uQp2nM+1kIOB4mf6B7/KXZ7E3ijPl6ANM8DMV8rurUoxVTQAvBfSA6/OUIh0GWJnyrF8/KPRDDdnP+Zj03N9Bg5Hipb/RCYsy5NpreqtxCfsTHLnkkrOMw/5k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=quarantine dis=quarantine) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1664375175754217.08087932035517; Wed, 28 Sep 2022 07:26:15 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-192-1GoKIEmUNrOwqlTWaeJFeA-1; Wed, 28 Sep 2022 10:25:11 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3846F3C0D848; Wed, 28 Sep 2022 14:25:09 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 23D107AE5; Wed, 28 Sep 2022 14:25:09 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 053451946A45; Wed, 28 Sep 2022 14:25:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id BAC8319465B1 for ; Wed, 28 Sep 2022 14:12:27 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id ABF30403C03F; Wed, 28 Sep 2022 14:12:27 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7A29D403C02B for ; Wed, 28 Sep 2022 14:12:27 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EE5C0186E3A6 for ; Wed, 28 Sep 2022 14:05:53 +0000 (UTC) Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-628-TpWeOQ-QOEK_DKodkMSd8A-1; Wed, 28 Sep 2022 10:05:50 -0400 Received: from dggpeml500022.china.huawei.com (unknown [172.30.72.55]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4Mcyr65p6bzHqQC for ; Wed, 28 Sep 2022 22:03:02 +0800 (CST) Received: from localhost.localdomain (10.175.124.27) by dggpeml500022.china.huawei.com (7.185.36.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Wed, 28 Sep 2022 22:05:19 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1664375114; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=o9M8EEyMvzE9vS/FtuOiNG8wA1qY4nQJ3bgoo7S40OA=; b=ADIMcecq9C5nwjMu1h1YwPjfdMjmz8u/u8yjOO/LqllRy9NnEC5rr9NXnug40I2VjvykXN 4j9BD91+d8Xhp3NyBMK3VdFLBY0GYTclpziS1te1jfnPBRpDuqQXx3YKNDnBTKojWKCHIt q65l5JfZLn8fpBM74dgHBK4nNkatb7I= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1664375174; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=o9M8EEyMvzE9vS/FtuOiNG8wA1qY4nQJ3bgoo7S40OA=; b=G7D1+5o8kwJFjODJfbgvxzjO+3fEjTjOYTiSBG24k7bSZ9+L87LqdOF/wWHrGLkf9ZXWau yYBQd/cgmrxBpJQzRzCcrc+JQCvu3U+0F+hhopGbSh38248n9e0Vltd1AyvClT+ekDIMwB ECti1zWOo0HxuzmfTVKxP6S94qEhG1o= X-MC-Unique: 1GoKIEmUNrOwqlTWaeJFeA-1 X-Original-To: libvir-list@listman.corp.redhat.com X-MC-Unique: TpWeOQ-QOEK_DKodkMSd8A-1 From: Jiang Jiacheng To: Subject: [PATCH 2/3] qemu: get the stackManager lock before getting nested lock Date: Wed, 28 Sep 2022 21:53:29 +0800 Message-ID: <20220928135330.2868549-3-jiangjiacheng@huawei.com> In-Reply-To: <20220928135330.2868549-1-jiangjiacheng@huawei.com> References: <20220928135330.2868549-1-jiangjiacheng@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.175.124.27] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To dggpeml500022.china.huawei.com (7.185.36.66) X-CFilter-Loop: Reflected X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: yubihong@huawei.com, zhengchuan@huawei.com, linyilu@huawei.com, jiangjiacheng@huawei.com, xiexiangyou@huawei.com Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) (identity @redhat.com) X-ZM-MESSAGEID: 1664375177026100001 Content-Type: text/plain; charset="utf-8" When creating a VM by forking, there is a logic that get the lock of StacksecurityManager before get other nested lock to avoid deadlock between child process and thread of the parent. While in `virQEMUDriverCreateCapabilities` and `qemuDomainGetSecurityLabelList`, we get nested lock without getting the StacksecurityManager lock, which will result in deadlock in some concurrent scenarios. It is better to keep the logical in these funcitons same as others. Signed-off-by: Jiang Jiacheng --- src/qemu/qemu_conf.c | 6 +++++- src/qemu/qemu_driver.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 3b75cdeb95..745d3e6a5e 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -1331,6 +1331,7 @@ virCaps *virQEMUDriverCreateCapabilities(virQEMUDrive= r *driver) =20 caps->host.secModels =3D g_new0(virCapsHostSecModel, caps->host.nsecMo= dels); =20 + virObjectLock(driver->securityManager); for (i =3D 0; sec_managers[i]; i++) { virCapsHostSecModel *sm =3D &caps->host.secModels[i]; doi =3D qemuSecurityGetDOI(sec_managers[i]); @@ -1342,14 +1343,17 @@ virCaps *virQEMUDriverCreateCapabilities(virQEMUDri= ver *driver) lbl =3D qemuSecurityGetBaseLabel(sec_managers[i], virtTypes[j]= ); type =3D virDomainVirtTypeToString(virtTypes[j]); if (lbl && - virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0) + virCapabilitiesHostSecModelAddBaseLabel(sm, type, lbl) < 0= ) { + virObjectUnlock(driver->securityManager); return NULL; + } } =20 VIR_DEBUG("Initialized caps for security driver \"%s\" with " "DOI \"%s\"", model, doi); } =20 + virObjectUnlock(driver->securityManager); caps->host.numa =3D virCapabilitiesHostNUMANewHost(); caps->host.cpu =3D virQEMUDriverGetHostCPU(driver); return g_steal_pointer(&caps); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 707f4cc1bb..9fb5f1d653 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5848,15 +5848,18 @@ static int qemuDomainGetSecurityLabelList(virDomain= Ptr dom, (*seclabels) =3D g_new0(virSecurityLabel, len); memset(*seclabels, 0, sizeof(**seclabels) * len); =20 + virObjectLock(driver->securityManager); /* Fill the array */ for (i =3D 0; i < len; i++) { if (qemuSecurityGetProcessLabel(mgrs[i], vm->def, vm->pid, &(*seclabels)[i]) < 0) { VIR_FREE(mgrs); VIR_FREE(*seclabels); + virObjectUnlock(driver->securityManager); goto cleanup; } } + virObjectUnlock(driver->securityManager); ret =3D len; VIR_FREE(mgrs); } --=20 2.33.0