From: remy.noel@blade-group.com
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Remy Noel, Fam Zheng, "open list:Block I/O path", Stefan Hajnoczi
Date: Thu, 20 Dec 2018 16:20:29 +0100
Message-Id: <20181220152030.28035-2-remy.noel@blade-group.com>
In-Reply-To: <20181220152030.28035-1-remy.noel@blade-group.com>
Subject: [Qemu-devel] [QEMU-devel][PATCH v4 1/2] aio-posix: Unregister fd from ctx epoll when removing fd_handler.

From: Remy Noel

Cleaning the events will cause aio_epoll_update to unregister the fd.
Otherwise, the fd is kept registered until it is destroyed.

Signed-off-by: Remy Noel
Reviewed-by: Paolo Bonzini
Reviewed-by: Stefan Hajnoczi
--- util/aio-posix.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/aio-posix.c b/util/aio-posix.c index 51c41ed3c9..a927319d2c 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c
@@ -245,6 +245,9 @@ void aio_set_fd_handler(AioContext *ctx, QLIST_REMOVE(node, node); deleted =3D true; } + /* Clean events in order to unregister fd from the ctx epoll. */ + node->pfd.events =3D 0; + poll_disable_change =3D -!node->io_poll; } else { poll_disable_change =3D !io_poll - (node && !node->io_poll); --=20 2.19.2
From: remy.noel@blade-group.com
To: qemu-devel@nongnu.org
Cc: Fam Zheng, "open list:Block I/O path", Stefan Weil, Remy Noel, Stefan Hajnoczi, Paolo Bonzini
Date: Thu, 20 Dec 2018 16:20:30 +0100
Message-Id: <20181220152030.28035-3-remy.noel@blade-group.com>
In-Reply-To: <20181220152030.28035-1-remy.noel@blade-group.com>
Subject: [Qemu-devel] [QEMU-devel][PATCH v4 2/2] aio-posix: Fix concurrent aio_poll/set_fd_handler.

From: Remy Noel

It is possible for an io_poll callback to be concurrently executed along
with an aio_set_fd_handlers. This can cause all sorts of problems, like
a NULL callback or a bad opaque pointer.

This changes set_fd_handlers so that it no longer modifies existing
handler entries and instead always inserts them after proper
initialisation.

Tested-by: Stefan Hajnoczi
Signed-off-by: Remy Noel
Reviewed-by: Paolo Bonzini
Reviewed-by: Stefan Hajnoczi
--- util/aio-posix.c | 89 ++++++++++++++++++++++++++++-------------------- util/aio-win32.c | 67 ++++++++++++++++-------------------- 2 files changed, 82 insertions(+), 74 deletions(-) diff --git a/util/aio-posix.c b/util/aio-posix.c index a927319d2c..8640dfde9f 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c
@@ -200,6 +200,31 @@ static AioHandler *find_aio_handler(AioContext *ctx, i= nt fd) return NULL; } =20 +static bool aio_remove_fd_handler(AioContext *ctx, AioHandler *node) +{ + /* If the GSource is in the process of being destroyed then + * g_source_remove_poll() causes an assertion failure. Skip + * removal in that case, because glib cleans up its state during + * destruction anyway. + */ + if (!g_source_is_destroyed(&ctx->source)) { + g_source_remove_poll(&ctx->source, &node->pfd); + } + + /* If a read is in progress, just mark the node as deleted */ + if (qemu_lockcnt_count(&ctx->list_lock)) { + node->deleted =3D 1; + node->pfd.revents =3D 0; + return false; + } + /* Otherwise, delete it for real. We can't just mark it as + * deleted because deleted nodes are only cleaned up while + * no one is walking the handlers list. + */ + QLIST_REMOVE(node, node); + return true; +} + void aio_set_fd_handler(AioContext *ctx, int fd, bool is_external, @@ -209,6 +234,7 @@ void aio_set_fd_handler(AioContext *ctx, void *opaque) { AioHandler *node; + AioHandler *new_node =3D NULL; bool is_new =3D false; bool deleted =3D false; int poll_disable_change; 
@@ -223,28 +249,6 @@ void aio_set_fd_handler(AioContext *ctx, qemu_lockcnt_unlock(&ctx->list_lock); return; } - - /* If the GSource is in the process of being destroyed then - * g_source_remove_poll() causes an assertion failure. Skip - * removal in that case, because glib cleans up its state during - * destruction anyway. - */ - if (!g_source_is_destroyed(&ctx->source)) { - g_source_remove_poll(&ctx->source, &node->pfd); - } - - /* If a read is in progress, just mark the node as deleted */ - if (qemu_lockcnt_count(&ctx->list_lock)) { - node->deleted =3D 1; - node->pfd.revents =3D 0; - } else { - /* Otherwise, delete it for real. We can't just mark it as - * deleted because deleted nodes are only cleaned up while - * no one is walking the handlers list. - */ - QLIST_REMOVE(node, node); - deleted =3D true; - } /* Clean events in order to unregister fd from the ctx epoll. */ node->pfd.events =3D 0; =20 
@@ -252,24 +256,32 @@ void aio_set_fd_handler(AioContext *ctx, } else { poll_disable_change =3D !io_poll - (node && !node->io_poll); if (node =3D=3D NULL) { - /* Alloc and insert if it's not already there */ - node =3D g_new0(AioHandler, 1); - node->pfd.fd =3D fd; - QLIST_INSERT_HEAD_RCU(&ctx->aio_handlers, node, node); - - g_source_add_poll(&ctx->source, &node->pfd); is_new =3D true; } + /* Alloc and insert if it's not already there */ + new_node =3D g_new0(AioHandler, 1); =20 /* Update handler with latest information */ - node->io_read =3D io_read; - node->io_write =3D io_write; - node->io_poll =3D io_poll; - node->opaque =3D opaque; - node->is_external =3D is_external; + new_node->io_read =3D io_read; + new_node->io_write =3D io_write; + new_node->io_poll =3D io_poll; + new_node->opaque =3D opaque; + new_node->is_external =3D is_external; + + if (is_new) { + new_node->pfd.fd =3D fd; + } else { + new_node->pfd =3D node->pfd; + } + g_source_add_poll(&ctx->source, &new_node->pfd); + + new_node->pfd.events =3D (io_read ? G_IO_IN | G_IO_HUP | G_IO_ERR = : 0); + new_node->pfd.events |=3D (io_write ? G_IO_OUT | G_IO_ERR : 0); =20 - node->pfd.events =3D (io_read ? G_IO_IN | G_IO_HUP | G_IO_ERR : 0); - node->pfd.events |=3D (io_write ? G_IO_OUT | G_IO_ERR : 0); + QLIST_INSERT_HEAD_RCU(&ctx->aio_handlers, new_node, node); + } + if (node) { + deleted =3D aio_remove_fd_handler(ctx, node); } =20 /* No need to order poll_disable_cnt writes against other updates; @@ -281,7 +293,12 @@ void aio_set_fd_handler(AioContext *ctx, atomic_set(&ctx->poll_disable_cnt, atomic_read(&ctx->poll_disable_cnt) + poll_disable_change); =20 - aio_epoll_update(ctx, node, is_new); + if (new_node) { + aio_epoll_update(ctx, new_node, is_new); + } else if (node) { + /* Unregister deleted fd_handler */ + aio_epoll_update(ctx, node, false); + } qemu_lockcnt_unlock(&ctx->list_lock); aio_notify(ctx); =20 diff --git a/util/aio-win32.c b/util/aio-win32.c index c58957cc4b..a23b9c364d 100644 
--- a/util/aio-win32.c +++ b/util/aio-win32.c @@ -35,6 +35,22 @@ struct AioHandler { QLIST_ENTRY(AioHandler) node; }; =20 +static void aio_remove_fd_handler(AioContext *ctx, AioHandler *node) +{ + /* If aio_poll is in progress, just mark the node as deleted */ + if (qemu_lockcnt_count(&ctx->list_lock)) { + node->deleted =3D 1; + node->pfd.revents =3D 0; + } else { + /* Otherwise, delete it for real. We can't just mark it as + * deleted because deleted nodes are only cleaned up after + * releasing the list_lock. + */ + QLIST_REMOVE(node, node); + g_free(node); + } +} + void aio_set_fd_handler(AioContext *ctx, int fd, bool is_external, @@ -44,41 +60,23 @@ void aio_set_fd_handler(AioContext *ctx, void *opaque) { /* fd is a SOCKET in our case */ - AioHandler *node; + AioHandler *old_node; + AioHandler *node =3D NULL; =20 qemu_lockcnt_lock(&ctx->list_lock); - QLIST_FOREACH(node, &ctx->aio_handlers, node) { - if (node->pfd.fd =3D=3D fd && !node->deleted) { + QLIST_FOREACH(old_node, &ctx->aio_handlers, node) { + if (old_node->pfd.fd =3D=3D fd && !old_node->deleted) { break; } } =20 - /* Are we deleting the fd handler? */ - if (!io_read && !io_write) { - if (node) { - /* If aio_poll is in progress, just mark the node as deleted */ - if (qemu_lockcnt_count(&ctx->list_lock)) { - node->deleted =3D 1; - node->pfd.revents =3D 0; - } else { - /* Otherwise, delete it for real. We can't just mark it as - * deleted because deleted nodes are only cleaned up after - * releasing the list_lock. - */ - QLIST_REMOVE(node, node); - g_free(node); - } - } - } else { + if (io_read || io_write) { HANDLE event; long bitmask =3D 0; =20 - if (node =3D=3D NULL) { - /* Alloc and insert if it's not already there */ - node =3D g_new0(AioHandler, 1); - node->pfd.fd =3D fd; - QLIST_INSERT_HEAD_RCU(&ctx->aio_handlers, node, node); - } + /* Alloc and insert if it's not already there */ + node =3D g_new0(AioHandler, 1); + node->pfd.fd =3D fd; =20 node->pfd.events =3D 0; if (node->io_read) { 
@@ -104,9 +102,13 @@ void aio_set_fd_handler(AioContext *ctx, bitmask |=3D FD_WRITE | FD_CONNECT; } =20 + QLIST_INSERT_HEAD_RCU(&ctx->aio_handlers, node, node); event =3D event_notifier_get_handle(&ctx->notifier); WSAEventSelect(node->pfd.fd, event, bitmask); } + if (old_node) { + aio_remove_fd_handler(ctx, old_node); + } =20 qemu_lockcnt_unlock(&ctx->list_lock); aio_notify(ctx); @@ -139,18 +141,7 @@ void aio_set_event_notifier(AioContext *ctx, if (node) { g_source_remove_poll(&ctx->source, &node->pfd); =20 - /* aio_poll is in progress, just mark the node as deleted */ - if (qemu_lockcnt_count(&ctx->list_lock)) { - node->deleted =3D 1; - node->pfd.revents =3D 0; - } else { - /* Otherwise, delete it for real. We can't just mark it as - * deleted because deleted nodes are only cleaned up after - * releasing the list_lock. - */ - QLIST_REMOVE(node, node); - g_free(node); - } + aio_remove_fd_handler(ctx, node); } } else { if (node =3D=3D NULL) { --=20 2.19.2
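
Review bot: in patch 1/2, hunk @@ -245,6 +245,9 @@ of util/aio-posix.c, the new store `node->pfd.events = 0;` comes after the branch that may already have run `QLIST_REMOVE(node, node)` and set `deleted = true`, so it can write to a node that is no longer on the list. That is only safe as long as the node is not freed before aio_epoll_update() has looked at it, and the code comment does not say which function acts on the zeroed events (only the commit message does). Suggest naming aio_epoll_update() in the comment and stating that the node must stay allocated until that call.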
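
Review bot: the bool returned by the new aio_remove_fd_handler() in util/aio-posix.c (patch 2/2, hunk @@ -200,6 +200,31 @@) is undocumented, and the helper of the same name added to util/aio-win32.c returns void and calls `g_free(node)` itself. The posix version never frees the node, so a reader has to infer that `true` means "unlinked with QLIST_REMOVE, caller still has to dispose of it" and `false` means "only marked deleted". Add a short comment above the function spelling out both return values and who owns the node afterwards, or give the two helpers the same contract, so that code moved between the files does not end up leaking or double-freeing a handler.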
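
Review bot: in hunk @@ -252,24 +256,32 @@ of util/aio-posix.c (patch 2/2), the comment `/* Alloc and insert if it's not already there */` now sits above an unconditional `new_node = g_new0(AioHandler, 1);` and no longer describes the code; reword it to say that a fresh node is always allocated and is inserted only once it is fully initialised. In the same hunk, `new_node->pfd = node->pfd;` copies `revents` from the old node along with `fd`. If only the descriptor is meant to carry over, assign `new_node->pfd.fd = node->pfd.fd`; if the pending `revents` are kept on purpose, a comment should say so.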
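
Review bot: in util/aio-win32.c, hunk @@ -44,41 +60,23 @@ (patch 2/2), `node` is now always a fresh `g_new0(AioHandler, 1)`, but the unchanged context directly after it still tests `if (node->io_read) {` when building `node->pfd.events`. Nothing in the visible lines assigns `node->io_read` before that test, so on the zeroed node it is NULL at that point and the events bit it guards is never set. Test the `io_read` parameter there (and check whether the lines that follow do the same with `node->io_write`), or move the handler assignments above the events computation. The comment `/* Alloc and insert if it's not already there */` is also stale here, since the allocation is unconditional and the `QLIST_INSERT_HEAD_RCU` moved to the following hunk.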