[Qemu-devel] [PATCH v4 0/2] char-socket: Fix race condition

Andrey Shinkevich posted 2 patches 4 years, 7 months ago
Test FreeBSD passed
Test docker-mingw@fedora passed
Test asan passed
Test docker-clang@ubuntu passed
Test checkpatch passed
Test s390x failed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/1565625509-404969-1-git-send-email-andrey.shinkevich@virtuozzo.com
Maintainers: "Marc-André Lureau" <marcandre.lureau@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>
chardev/char-socket.c | 16 +++++++++++++---
io/task.c             |  1 +
2 files changed, 14 insertions(+), 3 deletions(-)
[Qemu-devel] [PATCH v4 0/2] char-socket: Fix race condition
Posted by Andrey Shinkevich 4 years, 7 months ago
This fixes a race condition in which the tcp_chr_read() ioc handler
can close a connection that is being written to from another thread.

v4:
    The functions qemu_idle_add() and tcp_chr_be_event_closed() were removed
    because the callback is invoked after the call to object_property_del_all(),
    so the "chardev" object had been deleted and a segmentation fault occurs.
    Please apply Alberto's simplified series to avoid the race condition.

v3:
    See the email thread with the Message ID
    <cover.1550842915.git.berto@igalia.com>

Alberto Garcia (2):
  main-loop: Fix GSource leak in qio_task_thread_worker()
  char-socket: Lock tcp_chr_disconnect()

 chardev/char-socket.c | 16 +++++++++++++---
 io/task.c             |  1 +
 2 files changed, 14 insertions(+), 3 deletions(-)

-- 
1.8.3.1
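
The race described in the cover letter above, as an added example that is not part of the original thread and is not QEMU code: a simplified pthread model in which the write path and the disconnect path take the same mutex, so teardown cannot free the connection while a writer is using it. The `Chan` type and every function name here are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical model of a socket chardev; names are illustrative, not QEMU's. */
typedef struct {
    pthread_mutex_t write_lock; /* taken by writers AND by teardown */
    char *conn;                 /* stands in for the connection's resources */
    int late_writes;            /* successful writes seen after a failed one */
} Chan;

/* Writer path: the connection is only dereferenced while the lock is held. */
static int chan_write(Chan *c, char byte)
{
    int ret = -1;
    pthread_mutex_lock(&c->write_lock);
    if (c->conn) {
        c->conn[0] = byte;      /* use-after-free here if teardown were unlocked */
        ret = 1;
    }
    pthread_mutex_unlock(&c->write_lock);
    return ret;
}

/* Read-handler path: the peer went away, so free under the same lock. */
static void chan_disconnect(Chan *c)
{
    pthread_mutex_lock(&c->write_lock);
    free(c->conn);
    c->conn = NULL;
    pthread_mutex_unlock(&c->write_lock);
}

static void *writer(void *opaque)
{
    Chan *c = opaque;
    int failed = 0;
    for (int i = 0; i < 200000; i++) {
        if (chan_write(c, 'x') < 0) failed = 1;
        else if (failed) c->late_writes++;  /* would mean a write after teardown */
    }
    return NULL;
}

/* Runs a writer thread against a concurrent disconnect; 0 means no late use. */
static int run_race(void)
{
    Chan c = { PTHREAD_MUTEX_INITIALIZER, malloc(1), 0 };
    pthread_t t;
    pthread_create(&t, NULL, writer, &c);
    chan_disconnect(&c);
    pthread_join(t, NULL);
    return c.late_writes + (c.conn != NULL);
}
```

Removing the lock calls from `chan_disconnect()` reproduces the class of bug the series addresses; building that variant with AddressSanitizer or ThreadSanitizer reports it.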


Re: [Qemu-devel] [PATCH v4 0/2] char-socket: Fix race condition
Posted by Paolo Bonzini 4 years, 7 months ago
On 12/08/19 17:58, Andrey Shinkevich wrote:
> This fixes a race condition in which the tcp_chr_read() ioc handler
> can close a connection that is being written to from another thread.
> 
> v4:
>     The functions qemu_idle_add() and tcp_chr_be_event_closed() were removed
>     because the callback is invoked after the call to object_property_del_all(),
>     so the "chardev" object had been deleted and a segmentation fault occurs.
>     Please apply Alberto's simplified series to avoid the race condition.
> 
> v3:
>     See the email thread with the Message ID
>     <cover.1550842915.git.berto@igalia.com>
> 
> Alberto Garcia (2):
>   main-loop: Fix GSource leak in qio_task_thread_worker()
>   char-socket: Lock tcp_chr_disconnect()
> 
>  chardev/char-socket.c | 16 +++++++++++++---
>  io/task.c             |  1 +
>  2 files changed, 14 insertions(+), 3 deletions(-)
> 

Queued, thanks.

Paolo

Re: [Qemu-devel] [PATCH v4 0/2] char-socket: Fix race condition
Posted by Andrey Shinkevich 4 years, 7 months ago

On 21/08/2019 11:18, Paolo Bonzini wrote:
> On 12/08/19 17:58, Andrey Shinkevich wrote:
>> This fixes a race condition in which the tcp_chr_read() ioc handler
>> can close a connection that is being written to from another thread.
>>
>> v4:
>>      The functions qemu_idle_add() and tcp_chr_be_event_closed() were removed
>>      because the callback is invoked after the call to object_property_del_all(),
>>      so the "chardev" object had been deleted and a segmentation fault occurs.
>>      Please apply Alberto's simplified series to avoid the race condition.
>>
>> v3:
>>      See the email thread with the Message ID
>>      <cover.1550842915.git.berto@igalia.com>
>>
>> Alberto Garcia (2):
>>    main-loop: Fix GSource leak in qio_task_thread_worker()
>>    char-socket: Lock tcp_chr_disconnect()
>>
>>   chardev/char-socket.c | 16 +++++++++++++---
>>   io/task.c             |  1 +
>>   2 files changed, 14 insertions(+), 3 deletions(-)
>>
> 
> Queued, thanks.
> 
> Paolo
> 
Thank you all too.
Andrey
-- 
With the best regards,
Andrey Shinkevich