[v4,0/2] char-socket: Fix race condition

Message ID 1565625509-404969-1-git-send-email-andrey.shinkevich@virtuozzo.com (mailing list archive)

Message

Andrey Shinkevich Aug. 12, 2019, 3:58 p.m. UTC
This fixes a race condition in which the tcp_chr_read() ioc handler
can close a connection that is being written to from another thread.

v4:
    The functions qemu_idle_add() and tcp_chr_be_event_closed() were removed
    because the callback is invoked after the call to object_property_del_all(),
    so the "chardev" object has been deleted and a segmentation fault occurs.
    Please apply Alberto's simplified series to avoid the race condition.

v3:
    See the email thread with the Message ID
    <cover.1550842915.git.berto@igalia.com>

Alberto Garcia (2):
  main-loop: Fix GSource leak in qio_task_thread_worker()
  char-socket: Lock tcp_chr_disconnect()

 chardev/char-socket.c | 16 +++++++++++++---
 io/task.c             |  1 +
 2 files changed, 14 insertions(+), 3 deletions(-)
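
As an added illustration (not code from this series or from QEMU), the C model below shows one way to close the kind of race the cover letter describes: the disconnect path takes the same lock as the write path, so a connection cannot be torn down in the middle of a write. `Chan`, `chan_write()`, `chan_disconnect()` and `write_lock` are hypothetical names, and the heap buffer stands in for the socket channel.

```c
/* Simplified model of the locking pattern; not QEMU code, all names hypothetical. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

#define ATTEMPTS 100000
typedef struct {
    pthread_mutex_t write_lock; /* held by writers and by disconnect */
    int connected;
    char *out;                  /* stands in for the I/O channel */
    long count[2];              /* [0] accepted, [1] rejected; writer thread only */
} Chan;

/* Write path: the connected check and the use of c->out share one critical section. */
static int chan_write(Chan *c, const char *msg) {
    int ret = -1;
    pthread_mutex_lock(&c->write_lock);
    if (c->connected)
        ret = snprintf(c->out, 16, "%s", msg) >= 0 ? 0 : -1;
    pthread_mutex_unlock(&c->write_lock);
    return ret;
}

/* Read-handler path: teardown takes the same lock, so it cannot free c->out mid-write. */
static void chan_disconnect(Chan *c) {
    pthread_mutex_lock(&c->write_lock);
    c->connected = 0;
    free(c->out);
    c->out = NULL;
    pthread_mutex_unlock(&c->write_lock);
}

static void *writer(void *arg) {
    Chan *c = arg;
    for (int i = 0; i < ATTEMPTS; i++)
        c->count[chan_write(c, "data") != 0]++;
    return NULL;
}

/* Returns 0 when the channel ends cleanly disconnected and every write was accounted for. */
static int run_demo(void) {
    Chan c = { PTHREAD_MUTEX_INITIALIZER, 1, malloc(16), {0, 0} };
    pthread_t t;
    if (!c.out || pthread_create(&t, NULL, writer, &c)) return 1;
    chan_disconnect(&c);        /* races with the writer thread on purpose */
    pthread_join(t, NULL);
    return (!c.out && chan_write(&c, "late") == -1 && c.count[0] + c.count[1] == ATTEMPTS) ? 0 : 1;
}

int main(void) { return run_demo(); }
```

Without the lock in `chan_disconnect()`, the writer could pass the `connected` check and then use `c->out` after it has been freed.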

Comments

Paolo Bonzini Aug. 21, 2019, 8:18 a.m. UTC | #1
On 12/08/19 17:58, Andrey Shinkevich wrote:
> This fixes a race condition in which the tcp_chr_read() ioc handler
> can close a connection that is being written to from another thread.
> 
> v4:
>     The functions qemu_idle_add() and tcp_chr_be_event_closed() were removed
>     because the callback is invoked after the call to object_property_del_all(),
>     so the "chardev" object has been deleted and a segmentation fault occurs.
>     Please apply Alberto's simplified series to avoid the race condition.
> 
> v3:
>     See the email thread with the Message ID
>     <cover.1550842915.git.berto@igalia.com>
> 
> Alberto Garcia (2):
>   main-loop: Fix GSource leak in qio_task_thread_worker()
>   char-socket: Lock tcp_chr_disconnect()
> 
>  chardev/char-socket.c | 16 +++++++++++++---
>  io/task.c             |  1 +
>  2 files changed, 14 insertions(+), 3 deletions(-)
> 

Queued, thanks.

Paolo

Andrey Shinkevich Aug. 21, 2019, 9:51 a.m. UTC | #2
On 21/08/2019 11:18, Paolo Bonzini wrote:
> On 12/08/19 17:58, Andrey Shinkevich wrote:
>> This fixes a race condition in which the tcp_chr_read() ioc handler
>> can close a connection that is being written to from another thread.
>>
>> v4:
>>      The functions qemu_idle_add() and tcp_chr_be_event_closed() were removed
>>      because the callback is invoked after the call to object_property_del_all(),
>>      so the "chardev" object has been deleted and a segmentation fault occurs.
>>      Please apply Alberto's simplified series to avoid the race condition.
>>
>> v3:
>>      See the email thread with the Message ID
>>      <cover.1550842915.git.berto@igalia.com>
>>
>> Alberto Garcia (2):
>>    main-loop: Fix GSource leak in qio_task_thread_worker()
>>    char-socket: Lock tcp_chr_disconnect()
>>
>>   chardev/char-socket.c | 16 +++++++++++++---
>>   io/task.c             |  1 +
>>   2 files changed, 14 insertions(+), 3 deletions(-)
>>
> 
> Queued, thanks.
> 
> Paolo
> 
Thank you all too.
Andrey