aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Xu <peterx@redhat.com>2018-07-20 11:34:51 +0800
committerMarkus Armbruster <armbru@redhat.com>2018-07-23 14:00:03 +0200
commit62aa1d887ff9fc76adb488d31447d126a78f4b8f (patch)
tree533c2c0548a00c39b9e0a6d6516bb416492e09e2
parent25b1ef31db30a7dace4d3a485f0a3b3c7285a795 (diff)
downloadqemu-62aa1d887ff9fc76adb488d31447d126a78f4b8f.zip
qemu-62aa1d887ff9fc76adb488d31447d126a78f4b8f.tar.gz
qemu-62aa1d887ff9fc76adb488d31447d126a78f4b8f.tar.bz2
monitor: Fix unsafe sharing of @cur_mon among threads
@cur_mon is null unless the main thread is running monitor code, either HMP code within monitor_read(), or QMP code within monitor_qmp_dispatch(). Use of @cur_mon outside the main thread is therefore unsafe. Most of its uses are in monitor command handlers. These run in the main thread. However, there are also uses hiding elsewhere, such as in error_vprintf(), and thus error_report(), making these functions unsafe outside the main thread. No such unsafe uses are known at this time. Regardless, this is an unnecessary trap. It's an ancient trap, though. More recently, commit cf869d53172 "qmp: support out-of-band (oob) execution" spiced things up: the monitor I/O thread assigns to @cur_mon when executing commands out-of-band. Having two threads save, set and restore @cur_mon without synchronization is definitely unsafe. We can end up with @cur_mon null while the main thread runs monitor code, or non-null while it runs non-monitor code. We could fix this by making the I/O thread not mess with @cur_mon, but that would leave the trap armed and ready. Instead, make @cur_mon thread-local. It's now reliably null unless the thread is running monitor code. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> [peterx: update subject and commit message written by Markus] Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180720033451.32710-1-peterx@redhat.com>
-rw-r--r--include/monitor/monitor.h2
-rw-r--r--monitor.c2
-rw-r--r--stubs/monitor.c2
-rw-r--r--tests/test-util-sockets.c2
4 files changed, 4 insertions, 4 deletions
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
index d6ab70c..2ef5e04 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -6,7 +6,7 @@
#include "qapi/qapi-types-misc.h"
#include "qemu/readline.h"
-extern Monitor *cur_mon;
+extern __thread Monitor *cur_mon;
/* flags for monitor_init */
/* 0x01 unused */
diff --git a/monitor.c b/monitor.c
index be29634..f75027b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -290,7 +290,7 @@ static mon_cmd_t info_cmds[];
QmpCommandList qmp_commands, qmp_cap_negotiation_commands;
-Monitor *cur_mon;
+__thread Monitor *cur_mon;
static void monitor_command_cb(void *opaque, const char *cmdline,
void *readline_opaque);
diff --git a/stubs/monitor.c b/stubs/monitor.c
index e018c8f..3890771 100644
--- a/stubs/monitor.c
+++ b/stubs/monitor.c
@@ -3,7 +3,7 @@
#include "qemu-common.h"
#include "monitor/monitor.h"
-Monitor *cur_mon = NULL;
+__thread Monitor *cur_mon;
int monitor_get_fd(Monitor *mon, const char *name, Error **errp)
{
diff --git a/tests/test-util-sockets.c b/tests/test-util-sockets.c
index acadd85..6195a3a 100644
--- a/tests/test-util-sockets.c
+++ b/tests/test-util-sockets.c
@@ -69,7 +69,7 @@ int monitor_get_fd(Monitor *mon, const char *fdname, Error **errp)
* stubs/monitor.c is defined, to make sure monitor.o is discarded
* otherwise we get duplicate syms at link time.
*/
-Monitor *cur_mon;
+__thread Monitor *cur_mon;
void monitor_init(Chardev *chr, int flags) {}