Fix data race with slh_first field in test-aio-multithread

[PATCH] Fix data race with slh_first field in test-aio-multithread

Vitalii Mordan posted 1 patch 7 months, 2 weeks ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20250402101917.3345464-1-mordan@ispras.ru

include/qemu/queue.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Expand all Fold all

[PATCH] Fix data race with slh_first field in test-aio-multithread

Posted by Vitalii Mordan 7 months, 2 weeks ago

This patch addresses potential data races involving access to the
slh_first field in the QSLIST_INSERT_HEAD_ATOMIC macro.

Fixes: c740ad92d0 ("QSLIST: add lock-free operations")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2902
Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
---
 include/qemu/queue.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index e029e7bf66..b0dbc3c6e2 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -217,7 +217,8 @@ struct {                                                                \
 #define QSLIST_INSERT_HEAD_ATOMIC(head, elm, field) do {                     \
         typeof(elm) save_sle_next;                                           \
         do {                                                                 \
-            save_sle_next = (elm)->field.sle_next = (head)->slh_first;       \
+            save_sle_next = qatomic_read(&(head)->slh_first);                \
+            (elm)->field.sle_next = save_sle_next;                           \
         } while (qatomic_cmpxchg(&(head)->slh_first, save_sle_next, (elm)) !=\
                  save_sle_next);                                             \
 } while (/*CONSTCOND*/0)
-- 
2.34.1