From: Stefan Hajnoczi
Date: Wed, 7 Jun 2017 19:07:32 +0100
Message-Id: <20170607180736.11011-2-stefanha@redhat.com>
In-Reply-To: <20170607180736.11011-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PULL for-2.9 1/5] oslib: strip trailing '\n' from error_setg() string argument
Cc: Peter Maydell, Philippe Mathieu-Daudé, Stefan Hajnoczi

From: Philippe Mathieu-Daudé

spotted by Coccinelle script scripts/coccinelle/err-bad-newline.cocci

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Eric Blake
Reviewed-by: Laurent Vivier
Signed-off-by: Stefan Hajnoczi
--- util/oslib-posix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/oslib-posix.c b/util/oslib-posix.c index 7e28c16..9ab2eb2 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c 
@@ -400,7 +400,7 @@ void os_mem_prealloc(int fd, char *area, size_t memory,= int smp_cpus, /* touch pages simultaneously */ if (touch_all_pages(area, hpagesize, numpages, smp_cpus)) { error_setg(errp, "os_mem_prealloc: Insufficient free host memory " - "pages available to allocate guest RAM\n"); + "pages available to allocate guest RAM"); } =20 ret =3D sigaction(SIGBUS, &oldact, NULL); --=20 2.9.4

From: Stefan Hajnoczi
Date: Wed, 7 Jun 2017 19:07:33 +0100
Message-Id: <20170607180736.11011-3-stefanha@redhat.com>
In-Reply-To: <20170607180736.11011-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PULL for-2.9 2/5] coccinelle: fix typo in comment
Cc: Peter Maydell, Philippe Mathieu-Daudé, Stefan Hajnoczi

From: Philippe Mathieu-Daudé

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Eric Blake
Signed-off-by: Stefan Hajnoczi
--- scripts/coccinelle/return_directly.cocci | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/coccinelle/return_directly.cocci b/scripts/coccinelle/= return_directly.cocci index 48680f2..4cf50e7 100644 --- a/scripts/coccinelle/return_directly.cocci +++ b/scripts/coccinelle/return_directly.cocci 
@@ -1,4 +1,4 @@ -// replace 'R =3D X; return R;' with 'return R;' +// replace 'R =3D X; return R;' with 'return X;' @@ identifier VAR; expression E; --=20 2.9.4

From: Stefan Hajnoczi
Date: Wed, 7 Jun 2017 19:07:34 +0100
Message-Id: <20170607180736.11011-4-stefanha@redhat.com>
In-Reply-To: <20170607180736.11011-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PULL for-2.9 3/5] .gdbinit: load QEMU sub-commands when gdb starts
Cc: Peter Maydell, Stefan Hajnoczi

The scripts/qemu-gdb.py file is not easily discoverable. Add a .gdbinit file so GDB either loads qemu-gdb.py automatically or prints a message informing the user how to enable them (some systems disable ./.gdbinit loading for security reasons).

Symlink .gdbinit and the scripts directory in order to make out-of-tree builds work. The scripts directory is used to find the qemu-gdb.py file specified by a relative path in .gdbinit.

Suggested-by: Eric Blake
Signed-off-by: Stefan Hajnoczi
Reviewed-by: Alex Bennée
Reviewed-by: Philippe Mathieu-Daudé
Tested-by: Eric Blake
Message-id: 20170517124042.1430-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi
--- configure | 1 + .gdbinit | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 .gdbinit diff --git a/configure b/configure index 13e040d..2203b98 100755 --- a/configure +++ b/configure @@ -6376,6 +6376,7 @@ FILES=3D"$FILES pc-bios/spapr-rtas/Makefile" FILES=3D"$FILES pc-bios/s390-ccw/Makefile" FILES=3D"$FILES roms/seabios/Makefile roms/vgabios/Makefile" FILES=3D"$FILES pc-bios/qemu-icon.bmp" +FILES=3D"$FILES .gdbinit scripts" # scripts needed by relative path in .gd= binit for bios_file in \ $source_path/pc-bios/*.bin \ $source_path/pc-bios/*.lid \ diff --git a/.gdbinit b/.gdbinit new file mode 100644 index 0000000..9d322fc --- /dev/null +++ b/.gdbinit 
@@ -0,0 +1,8 @@ +# GDB may have ./.gdbinit loading disabled by default. In that case you c= an +# follow the instructions it prints. They boil down to adding the followi= ng to +# your home directory's ~/.gdbinit file: +# +# add-auto-load-safe-path /path/to/qemu/.gdbinit + +# Load QEMU-specific sub-commands and settings +source scripts/qemu-gdb.py --=20 2.9.4

From: Stefan Hajnoczi
Date: Wed, 7 Jun 2017 19:07:35 +0100
Message-Id: <20170607180736.11011-5-stefanha@redhat.com>
In-Reply-To: <20170607180736.11011-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PULL for-2.9 4/5] coroutine-lock: do not touch coroutine after another one has been entered
Cc: Kevin Wolf, Peter Maydell, Fam Zheng, Roman Pen, Stefan Hajnoczi, Paolo Bonzini

From: Roman Pen

Submission of requests on linux aio is a bit tricky and can lead to requests completions on submission path:

  44713c9e8547 ("linux-aio: Handle io_submit() failure gracefully")
  0ed93d84edab ("linux-aio: process completions from ioq_submit()")

That means that any coroutine which has been yielded in order to wait for completion can be resumed from submission path and be eventually terminated (freed).

The following use-after-free crash was observed when IO throttling was enabled:

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f5813dff700 (LWP 56417)]
  virtqueue_unmap_sg (elem=0x7f5804009a30, len=1, vq=) at virtio.c:252
  (gdb) bt
  #0 virtqueue_unmap_sg (elem=0x7f5804009a30, len=1, vq=) at virtio.c:252
                              ^^^^^^^^^^^^^^
                              remember the address

  #1 virtqueue_fill (vq=0x5598b20d21b0, elem=0x7f5804009a30, len=1, idx=0) at virtio.c:282
  #2 virtqueue_push (vq=0x5598b20d21b0, elem=elem@entry=0x7f5804009a30, len=) at virtio.c:308
  #3 virtio_blk_req_complete (req=req@entry=0x7f5804009a30, status=status@entry=0 '\000') at virtio-blk.c:61
  #4 virtio_blk_rw_complete (opaque=, ret=0) at virtio-blk.c:126
  #5 blk_aio_complete (acb=0x7f58040068d0) at block-backend.c:923
  #6 coroutine_trampoline (i0=, i1=) at coroutine-ucontext.c:78

  (gdb) p * elem
  $8 = {index = 77, out_num = 2, in_num = 1,
        in_addr = 0x7f5804009ad8, out_addr = 0x7f5804009ae0,
        in_sg = 0x0, out_sg = 0x7f5804009a50}
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        'in_sg' and 'out_sg' are invalid.
        e.g. it is impossible that 'in_sg' is zero,
        instead its value must be equal to:

        (gdb) p/x 0x7f5804009ad8 + sizeof(elem->in_addr[0]) + 2 * sizeof(elem->out_addr[0])
        $26 = 0x7f5804009af0

Seems 'elem' was corrupted. Meanwhile another thread raised an abort:

  Thread 12 (Thread 0x7f57f2ffd700 (LWP 56426)):
  #0 raise () from /lib/x86_64-linux-gnu/libc.so.6
  #1 abort () from /lib/x86_64-linux-gnu/libc.so.6
  #2 qemu_coroutine_enter (co=0x7f5804009af0) at qemu-coroutine.c:113
  #3 qemu_co_queue_run_restart (co=0x7f5804009a30) at qemu-coroutine-lock.c:60
  #4 qemu_coroutine_enter (co=0x7f5804009a30) at qemu-coroutine.c:119
                          ^^^^^^^^^^^^^^^^^^
                          WTF?? this is equal to elem from crashed thread

  #5 qemu_co_queue_run_restart (co=0x7f57e7f16ae0) at qemu-coroutine-lock.c:60
  #6 qemu_coroutine_enter (co=0x7f57e7f16ae0) at qemu-coroutine.c:119
  #7 qemu_co_queue_run_restart (co=0x7f5807e112a0) at qemu-coroutine-lock.c:60
  #8 qemu_coroutine_enter (co=0x7f5807e112a0) at qemu-coroutine.c:119
  #9 qemu_co_queue_run_restart (co=0x7f5807f17820) at qemu-coroutine-lock.c:60
  #10 qemu_coroutine_enter (co=0x7f5807f17820) at qemu-coroutine.c:119
  #11 qemu_co_queue_run_restart (co=0x7f57e7f18e10) at qemu-coroutine-lock.c:60
  #12 qemu_coroutine_enter (co=0x7f57e7f18e10) at qemu-coroutine.c:119
  #13 qemu_co_enter_next (queue=queue@entry=0x5598b1e742d0) at qemu-coroutine-lock.c:106
  #14 timer_cb (blk=0x5598b1e74280, is_write=) at throttle-groups.c:419

Crash can be explained by access of 'co' object from the loop inside qemu_co_queue_run_restart():

  while ((next = QSIMPLEQ_FIRST(&co->co_queue_wakeup))) {
      QSIMPLEQ_REMOVE_HEAD(&co->co_queue_wakeup, co_queue_next);
                           ^^^^^^^^^^^^^^^^^^^^
                           on each iteration 'co' is accessed,
                           but 'co' can be already freed

      qemu_coroutine_enter(next);
  }

When 'next' coroutine is resumed (entered) it can in its turn resume 'co', and eventually free it. That's why we see 'co' (which was freed) has the same address as 'elem' from the first backtrace.

The fix is obvious: use temporary queue and do not touch coroutine after first qemu_coroutine_enter() is invoked.

The issue is quite rare and happens every ~12 hours on very high IO and CPU load (building linux kernel with -j512 inside guest) when IO throttling is enabled. With the fix applied guest is running ~35 hours and is still alive so far. Signed-off-by: Roman Pen Reviewed-by: Stefan Hajnoczi Message-id: 20170601160847.23720-1-roman.penyaev@profitbricks.com Cc: Paolo Bonzini Cc: Fam Zheng Cc: Stefan Hajnoczi Cc: Kevin Wolf Cc: qemu-devel@nongnu.org Signed-off-by: Stefan Hajnoczi --- util/qemu-coroutine-lock.c | 19 +++++++++++++++++-- util/qemu-coroutine.c | 5 +++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c index 6328eed..b44b5d5 100644 --- a/util/qemu-coroutine-lock.c +++ b/util/qemu-coroutine-lock.c @@ -77,10 +77,25 @@ void coroutine_fn qemu_co_queue_wait(CoQueue *queue, Co= Mutex *mutex) void qemu_co_queue_run_restart(Coroutine *co) { Coroutine *next; + QSIMPLEQ_HEAD(, Coroutine) tmp_queue_wakeup =3D + QSIMPLEQ_HEAD_INITIALIZER(tmp_queue_wakeup); =20 trace_qemu_co_queue_run_restart(co); - while ((next =3D QSIMPLEQ_FIRST(&co->co_queue_wakeup))) { - QSIMPLEQ_REMOVE_HEAD(&co->co_queue_wakeup, co_queue_next); + + /* Because "co" has yielded, any coroutine that we wakeup can resume i= t. + * If this happens and "co" terminates, co->co_queue_wakeup becomes + * invalid memory. Therefore, use a temporary queue and do not touch + * the "co" coroutine as soon as you enter another one. + * + * In its turn resumed "co" can pupulate "co_queue_wakeup" queue with + * new coroutines to be woken up. The caller, who has resumed "co", + * will be responsible for traversing the same queue, which may cause + * a different wakeup order but not any missing wakeups. + */ + QSIMPLEQ_CONCAT(&tmp_queue_wakeup, &co->co_queue_wakeup); + + while ((next =3D QSIMPLEQ_FIRST(&tmp_queue_wakeup))) { + QSIMPLEQ_REMOVE_HEAD(&tmp_queue_wakeup, co_queue_next); qemu_coroutine_enter(next); } } 
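Review bot: the comment added in qemu_co_queue_run_restart() has a typo, "pupulate" should be "populate", and "any coroutine that we wakeup" reads better as "wake up". On the logic, the comment explains why "co" must not be touched after the first qemu_coroutine_enter(), but it says nothing about the coroutines that stay linked on the stack-local tmp_queue_wakeup through co_queue_next while an earlier one runs; please add a sentence (or an assertion) stating why none of them can be entered or re-queued elsewhere before this loop reaches them.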
diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c index 486af9a..d6095c1 100644 --- a/util/qemu-coroutine.c +++ b/util/qemu-coroutine.c 
@@ -126,6 +126,11 @@ void qemu_aio_coroutine_enter(AioContext *ctx, Corouti= ne *co) =20 qemu_co_queue_run_restart(co); =20 + /* Beware, if ret =3D=3D COROUTINE_YIELD and qemu_co_queue_run_restart= () + * has started any other coroutine, "co" might have been reentered + * and even freed by now! So be careful and do not touch it. + */ + switch (ret) { case COROUTINE_YIELD: return; --=20 2.9.4

From: Stefan Hajnoczi
Date: Wed, 7 Jun 2017 19:07:36 +0100
Message-Id: <20170607180736.11011-6-stefanha@redhat.com>
In-Reply-To: <20170607180736.11011-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PULL for-2.9 5/5] configure: split c and cxx extra flags
Cc: Peter Maydell, Stefan Hajnoczi, Bruno Dominguez

From: Bruno Dominguez There was no possibility to add specific cxx flags using the configure file. So A new entrance has been created to support it. Duplication of information in configure and rules.mak. Taking QEMU_CFLAGS and add them to QEMU_CXXFLAGS, now the value of QEMU_CXXFLAGS is stored in config-host.mak, so there is no need for it. The makefile for libvixl was adding flags for QEMU_CXXFLAGS in QEMU_CFLAGS because of the addition in rules.mak. That was removed, so adding them where it should be. Signed-off-by: Bruno Dominguez Reviewed-by: Stefan Hajnoczi Message-id: 1496754467-20893-1-git-send-email-bru.dominguez@gmail.com Signed-off-by: Stefan Hajnoczi --- configure | 74 +++++++++++++++++++++++++----------------= ---- disas/libvixl/Makefile.objs | 4 +-- rules.mak | 3 -- 3 files changed, 44 insertions(+), 37 deletions(-) diff --git a/configure b/configure index 2203b98..98012ab 100755 --- a/configure +++ b/configure @@ -91,7 +91,8 @@ update_cxxflags() { # Set QEMU_CXXFLAGS from QEMU_CFLAGS by filtering out those # options which some versions of GCC's C++ compiler complain about # because they only make sense for C programs. - QEMU_CXXFLAGS=3D + QEMU_CXXFLAGS=3D"$QEMU_CXXFLAGS -D__STDC_LIMIT_MACROS" + for arg in $QEMU_CFLAGS; do case $arg in -Wstrict-prototypes|-Wmissing-prototypes|-Wnested-externs|\ @@ -345,6 +346,9 @@ for opt do --extra-cflags=3D*) QEMU_CFLAGS=3D"$QEMU_CFLAGS $optarg" EXTRA_CFLAGS=3D"$optarg" ;; + --extra-cxxflags=3D*) QEMU_CXXFLAGS=3D"$QEMU_CXXFLAGS $optarg" + EXTRA_CXXFLAGS=3D"$optarg" + ;; --extra-ldflags=3D*) LDFLAGS=3D"$LDFLAGS $optarg" EXTRA_LDFLAGS=3D"$optarg" ;; @@ -788,6 +792,8 @@ for opt do ;; --extra-cflags=3D*) ;; + --extra-cxxflags=3D*) + ;; --extra-ldflags=3D*) ;; --enable-debug-info) 
@@ -1305,6 +1311,7 @@ Advanced options (experts only): --cxx=3DCXX use C++ compiler CXX [$cxx] --objcc=3DOBJCC use Objective-C compiler OBJCC [$objcc] --extra-cflags=3DCFLAGS append extra C compiler flags QEMU_CFLAGS + --extra-cxxflags=3DCXXFLAGS append extra C++ compiler flags QEMU_CXXFLAGS --extra-ldflags=3DLDFLAGS append extra linker flags LDFLAGS --make=3DMAKE use specified make [$make] --install=3DINSTALL use specified install [$install] @@ -1490,37 +1497,6 @@ if test "$bogus_os" =3D "yes"; then error_exit "Unrecognized host OS $targetos" fi =20 -# Check that the C++ compiler exists and works with the C compiler -if has $cxx; then - cat > $TMPC < $TMPCXX < $TMPC < $TMPCXX <> $config_host_mak echo "extra_cflags=3D$EXTRA_CFLAGS" >> $config_host_mak +echo "extra_cxxflags=3D$EXTRA_CXXFLAGS" >> $config_host_mak echo "extra_ldflags=3D$EXTRA_LDFLAGS" >> $config_host_mak echo "qemu_localedir=3D$qemu_localedir" >> $config_host_mak echo "libs_softmmu=3D$libs_softmmu" >> $config_host_mak @@ -5911,6 +5920,7 @@ echo "WINDRES=3D$windres" >> $config_host_mak echo "CFLAGS=3D$CFLAGS" >> $config_host_mak echo "CFLAGS_NOPIE=3D$CFLAGS_NOPIE" >> $config_host_mak echo "QEMU_CFLAGS=3D$QEMU_CFLAGS" >> $config_host_mak +echo "QEMU_CXXFLAGS=3D$QEMU_CXXFLAGS" >> $config_host_mak echo "QEMU_INCLUDES=3D$QEMU_INCLUDES" >> $config_host_mak if test "$sparse" =3D "yes" ; then echo "CC :=3D REAL_CC=3D\"\$(CC)\" cgcc" >> $config_host= _mak diff --git a/disas/libvixl/Makefile.objs b/disas/libvixl/Makefile.objs index 860fb7f..27183b7 100644 --- a/disas/libvixl/Makefile.objs +++ b/disas/libvixl/Makefile.objs 
@@ -6,9 +6,9 @@ libvixl_OBJS =3D vixl/utils.o \ =20 # The -Wno-sign-compare is needed only for gcc 4.6, which complains about # some signed-unsigned equality comparisons which later gcc versions do no= t. -$(addprefix $(obj)/,$(libvixl_OBJS)): QEMU_CFLAGS :=3D -I$(SRC_PATH)/disas= /libvixl $(QEMU_CFLAGS) -Wno-sign-compare +$(addprefix $(obj)/,$(libvixl_OBJS)): QEMU_CXXFLAGS :=3D -I$(SRC_PATH)/dis= as/libvixl $(QEMU_CXXFLAGS) -Wno-sign-compare # Ensure that C99 macros are defined regardless of the inclusion order of # headers in vixl. This is required at least on NetBSD. -$(addprefix $(obj)/,$(libvixl_OBJS)): QEMU_CFLAGS +=3D -D__STDC_CONSTANT_M= ACROS -D__STDC_LIMIT_MACROS -D__STDC_FORMAT_MACROS +$(addprefix $(obj)/,$(libvixl_OBJS)): QEMU_CXXFLAGS +=3D -D__STDC_CONSTANT= _MACROS -D__STDC_FORMAT_MACROS =20 common-obj-$(CONFIG_ARM_A64_DIS) +=3D $(libvixl_OBJS) diff --git a/rules.mak b/rules.mak index 1c0eabb..2a2fb72 100644 --- a/rules.mak +++ b/rules.mak @@ -20,9 +20,6 @@ MAKEFLAGS +=3D -rR %.mak: clean-target: =20 -# Flags for C++ compilation -QEMU_CXXFLAGS =3D -D__STDC_LIMIT_MACROS $(filter-out -Wstrict-prototypes -= Wmissing-prototypes -Wnested-externs -Wold-style-declaration -Wold-style-de= finition -Wredundant-decls, $(QEMU_CFLAGS)) - # Flags for dependency generation QEMU_DGFLAGS +=3D -MMD -MP -MT $@ -MF $(@D)/$(*F).d =20 --=20 2.9.4
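Review bot: in the new .gdbinit from patch 3/5, the closing line "source scripts/qemu-gdb.py" uses a relative path, so following the comment's advice and adding /path/to/qemu/.gdbinit to add-auto-load-safe-path also makes GDB run whatever Python file sits at scripts/qemu-gdb.py, which in a build tree is reached through the scripts symlink that the configure hunk creates. The comment should say this explicitly, so that users only trust a checkout and build directory whose scripts directory they control, and should advise keeping the safe-path entry as narrow as the example (the one file, not a parent directory).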
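Review bot: in the update_cxxflags() hunk of configure in patch 5/5 (@@ -91,7 +91,8 @@), the reset "QEMU_CXXFLAGS=" is replaced by an assignment that keeps the previous value and appends -D__STDC_LIMIT_MACROS, so the function is no longer idempotent: if it is called more than once, each call adds another copy of the define and, going by the function's own comment, another filtered copy of QEMU_CFLAGS. EXTRA_CXXFLAGS is already recorded by the --extra-cxxflags hunk, so the function could rebuild the value from scratch, starting from "$EXTRA_CXXFLAGS -D__STDC_LIMIT_MACROS", and keep the old reset semantics.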
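Review bot: the definition removed from rules.mak in patch 5/5 used "=" (recursive expansion) over $(QEMU_CFLAGS), so C++ objects automatically picked up any QEMU_CFLAGS additions a Makefile made later, which is what the old libvixl lines relied on; with QEMU_CXXFLAGS now written once into config-host.mak, that coupling is gone. The libvixl hunk handles its own case, but the commit message should state that no other per-target or per-directory QEMU_CFLAGS addition was expected to reach C++ code, or list the ones that were converted.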
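The use-after-free that patch 4/5 (coroutine-lock) describes, as an added example that is not part of the original series and is not QEMU code. It is a toy model: Co, wakeup_queue(), enter(), run_restart_before(), run_restart_after() and scenario() are hypothetical names, and a terminated coroutine only has a flag cleared instead of being freed, so the stale accesses can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model, constructed for illustration: "entering" a coroutine is a plain
 * call, and termination clears a flag instead of freeing memory. */
typedef struct Co Co;
struct Co {
    int alive;       /* cleared when the coroutine terminates */
    int entered;     /* number of times it was entered */
    Co *wake_head;   /* models co->co_queue_wakeup */
    Co *next;        /* models the co_queue_next link */
    Co *resumes;     /* coroutine that runs to completion when this one is entered */
};

static int stale_accesses;   /* touches of an already terminated coroutine */

/* Every access to a coroutine's wakeup queue goes through this accessor. */
static Co **wakeup_queue(Co *co)
{
    if (!co->alive) {
        stale_accesses++;    /* in the real code this reads freed memory */
    }
    return &co->wake_head;
}

static void enter(Co *co)
{
    co->entered++;
    if (co->resumes) {
        co->resumes->alive = 0;   /* the resumed coroutine terminates */
    }
}

/* Loop shape before the patch: "co" is dereferenced on every iteration. */
static void run_restart_before(Co *co)
{
    Co *next;

    while ((next = *wakeup_queue(co)) != NULL) {
        *wakeup_queue(co) = next->next;
        next->next = NULL;
        enter(next);
    }
}

/* Loop shape after the patch: move the list to a local head first, then
 * never touch "co" again once another coroutine has been entered. */
static void run_restart_after(Co *co)
{
    Co **queue = wakeup_queue(co);
    Co *tmp = *queue;

    *queue = NULL;
    while (tmp != NULL) {
        Co *next = tmp;

        tmp = next->next;
        next->next = NULL;
        enter(next);
    }
}

/* "co" has waiters a -> b queued; entering a resumes co, which terminates.
 * Returns how many times the drain touched co after it had terminated. */
static int scenario(void (*drain)(Co *), int *woken)
{
    Co co = { .alive = 1 }, a = { .alive = 1 }, b = { .alive = 1 };

    a.resumes = &co;
    a.next = &b;
    co.wake_head = &a;
    stale_accesses = 0;
    drain(&co);
    *woken = a.entered + b.entered;
    return stale_accesses;
}

int main(void)
{
    int woken;
    int stale = scenario(run_restart_before, &woken);

    printf("before: stale accesses=%d, woken=%d\n", stale, woken);
    stale = scenario(run_restart_after, &woken);
    printf("after:  stale accesses=%d, woken=%d\n", stale, woken);
    return 0;
}
```

Both versions wake the two waiters in this model only because nothing is really freed; the count of stale accesses is what separates them.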