[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 04/11] aio: introduce aio_co_schedule
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] [PATCH 04/11] aio: introduce aio_co_schedule |
|
Date: |
Tue, 19 Apr 2016 15:31:49 +0100 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Fri, Apr 15, 2016 at 01:31:59PM +0200, Paolo Bonzini wrote:
> @@ -255,6 +257,8 @@ aio_ctx_finalize(GSource *source)
> }
> #endif
>
> + qemu_bh_delete(ctx->schedule_bh);
Please include an assertion that the scheduled coroutines list is empty.
> +
> qemu_lockcnt_lock(&ctx->list_lock);
> assert(!qemu_lockcnt_count(&ctx->list_lock));
> while (ctx->first_bh) {
> @@ -335,6 +339,28 @@ static void event_notifier_dummy_cb(EventNotifier *e)
> {
> }
>
> +static void schedule_bh_cb(void *opaque)
> +{
> + AioContext *ctx = opaque;
> + QSLIST_HEAD(, Coroutine) straight, reversed;
> +
> + QSLIST_MOVE_ATOMIC(&reversed, &ctx->scheduled_coroutines);
> + QSLIST_INIT(&straight);
> +
> + while (!QSLIST_EMPTY(&reversed)) {
> + Coroutine *co = QSLIST_FIRST(&reversed);
> + QSLIST_REMOVE_HEAD(&reversed, co_scheduled_next);
> + QSLIST_INSERT_HEAD(&straight, co, co_scheduled_next);
> + }
> +
> + while (!QSLIST_EMPTY(&straight)) {
> + Coroutine *co = QSLIST_FIRST(&straight);
> + QSLIST_REMOVE_HEAD(&straight, co_scheduled_next);
> + trace_aio_schedule_bh_cb(ctx, co);
> + qemu_coroutine_enter(co, NULL);
> + }
> +}
This construct brings to mind the use-after-free case when a scheduled
coroutine terminates before it is entered by this loop:
There are two scheduled Coroutines: A and B. During
qemu_coroutine_enter(A) we enter B. B then terminates by returning from
its main function. Once A yields or terminates we still try to enter
the freed B coroutine.
Unfortunately I don't think we have good debugging or an assertion for
this bug. I'm sure it will occur at some point... Please document
that the coroutine must not be entered by anyone else while
aio_co_schedule() is active.
signature.asc
Description: PGP signature
- [Qemu-devel] [PATCH 03/11] coroutine: delete qemu_co_enter_next, (continued)
- [Qemu-devel] [PATCH 03/11] coroutine: delete qemu_co_enter_next, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 01/11] coroutine: use QSIMPLEQ instead of QTAILQ, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 05/11] coroutine-lock: reschedule coroutine on the AioContext it was running on, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 06/11] coroutine-lock: make CoMutex thread-safe, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 02/11] throttle-groups: restart throttled requests from coroutine context, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 04/11] aio: introduce aio_co_schedule, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 07/11] coroutine-lock: add limited spinning to CoMutex, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 10/11] coroutine-lock: add mutex argument to CoQueue APIs, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 08/11] test-aio-multithread: add performance comparison with thread-based mutexes, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 09/11] coroutine-lock: place CoMutex before CoQueue in header, Paolo Bonzini, 2016/04/15
- [Qemu-devel] [PATCH 11/11] coroutine-lock: make CoRwlock thread-safe and fair, Paolo Bonzini, 2016/04/15
- Re: [Qemu-devel] [RFC PATCH resend 00/11] Make CoMutex/CoQueue/CoRwlock thread-safe, Stefan Hajnoczi, 2016/04/26