[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] thread: move detach_thread from creating thr
From: |
Fam Zheng |
Subject: |
Re: [Qemu-devel] [PATCH v2] thread: move detach_thread from creating thread to created thread |
Date: |
Tue, 28 Nov 2017 11:29:12 +0800 |
User-agent: |
Mutt/1.9.1 (2017-09-22) |
On Tue, 11/28 09:50, linzhecheng wrote:
> If we create a thread with QEMU_THREAD_DETACHED mode, QEMU may get a segfault
> in a low probability.
>
> The backtrace is:
> address@hidden, address@hidden) at util/qemu_thread_posix.c:512
> at io/task.c:141
> address@hidden) at io/channel_socket.c:194
>
> The root cause of this problem is a bug of glibc(version 2.17,the latest
> version have the same bug),
> let's see what happened in glibc's code.
> Here is the code slice of pthread_detach.c
>
> 25 int
> 26 pthread_detach (pthread_t th)
> 27 {
> 28 struct pthread *pd = (struct pthread *) th;
> 29
> 30 /* Make sure the descriptor is valid. */
> 31 if (INVALID_NOT_TERMINATED_TD_P (pd))
> 32 /* Not a valid thread handle. */
> 34 return ESRCH;
> 35
> 36 int result = 0;
> 37 /* Mark the thread as detached. */
> 38 if (atomic_compare_and_exchange_bool_acq (&pd->joinid, pd, NULL))
> 39 {
> 40 /* There are two possibilities here. First, the thread might
> 41 already be detached. In this case we return EINVAL.
> 42 Otherwise there might already be a waiter. The standard does
> 43 not mention what happens in this case. */
> 44 if (IS_DETACHED (pd))
> 45 result = EINVAL;
> 46 }
> 47 else
> 48 /* Check whether the thread terminated meanwhile. In this case we
> 49 will just free the TCB. */
> 50 if ((pd->cancelhandling & EXITING_BITMASK) != 0)
> 51 /* Note that the code in __free_tcb makes sure each thread
> 52 control block is freed only once. */
> 53 __free_tcb (pd);
>
> 54 return result;
> 55}
>
> QEMU get a segfault at line 50, becasue pd is an invalid address.
> pd is still valid at line 38 when set pd->joinid = pd, at this moment,
> created thread is just exiting(only keeps runing for a short time),
> created thread is running in code of start_thread:
>
> 404 /* If the thread is detached free the TCB. */
> 405 if (IS_DETACHED (pd))
> 406 /* Free the TCB. */
> 407 __free_tcb (pd);
> created thread found that pd is detached, so it freed pd, in this case,
> pd became an invalid address.
>
> I rewrite qemu_thread_create to move detach_thread from creating thread to
> created
> to avoid this concurrency problem.
>
> Change-Id: I2293d5be1526241cf58785d701b922f2ffc6491b
> Signed-off-by: linzhecheng <address@hidden>
> ---
> include/qemu/thread-posix.h | 8 ++++++++
> include/qemu/thread.h | 1 +
> util/qemu-thread-posix.c | 45
> ++++++++++++++++++++++++++++++++++-----------
> 3 files changed, 43 insertions(+), 11 deletions(-)
>
> diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
> index f3f47e426f..d855c15dab 100644
> --- a/include/qemu/thread-posix.h
> +++ b/include/qemu/thread-posix.h
> @@ -44,4 +44,12 @@ struct QemuThread {
> pthread_t thread;
> };
>
> +struct QemuThread_args {
QemuThreadArgs please.
> + void *(*start_routine)(void *);
> + void *arg;
> + char *name;
> + int mode;
> +};
> +
> +
> #endif
> diff --git a/include/qemu/thread.h b/include/qemu/thread.h
> index 9910f49b3a..db365242da 100644
> --- a/include/qemu/thread.h
> +++ b/include/qemu/thread.h
> @@ -10,6 +10,7 @@ typedef struct QemuSemaphore QemuSemaphore;
> typedef struct QemuEvent QemuEvent;
> typedef struct QemuLockCnt QemuLockCnt;
> typedef struct QemuThread QemuThread;
> +typedef struct QemuThread_args QemuThread_args;
This struct is internal to qemu-thread-posix.c so it doesn't need to go into the
header.
>
> #ifdef _WIN32
> #include "qemu/thread-win32.h"
> diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
> index 7306475899..07b5838862 100644
> --- a/util/qemu-thread-posix.c
> +++ b/util/qemu-thread-posix.c
> @@ -489,6 +489,30 @@ static void qemu_thread_set_name(QemuThread *thread,
> const char *name)
> #endif
> }
>
> +static void *qemu_thread_start(void *args)
> +{
> + QemuThread_args *qemu_thread_args;
> + void *ret;
> + QemuThread qemu_thread;
> +
> + qemu_thread_args = (QemuThread_args *)args;
Type casting is not needed for void * pointers in C.
> + qemu_thread_get_self(&qemu_thread);
> +
> + if (qemu_thread_args->name) {
> + qemu_thread_set_name(&qemu_thread, qemu_thread_args->name);
> + g_free(qemu_thread_args->name);
> + }
> +
> + if (qemu_thread_args->mode == QEMU_THREAD_DETACHED) {
> + pthread_detach(qemu_thread.thread);
> + }
> + ret = qemu_thread_args->start_routine(qemu_thread_args->arg);
> +
> + g_free(qemu_thread_args);
> + return ret;
> +}
> +
> +
> void qemu_thread_create(QemuThread *thread, const char *name,
> void *(*start_routine)(void*),
> void *arg, int mode)
> @@ -496,6 +520,7 @@ void qemu_thread_create(QemuThread *thread, const char
> *name,
> sigset_t set, oldset;
> int err;
> pthread_attr_t attr;
> + QemuThread_args *qemu_thread_args;
>
> err = pthread_attr_init(&attr);
> if (err) {
> @@ -505,20 +530,18 @@ void qemu_thread_create(QemuThread *thread, const char
> *name,
> /* Leave signal handling to the iothread. */
> sigfillset(&set);
> pthread_sigmask(SIG_SETMASK, &set, &oldset);
> - err = pthread_create(&thread->thread, &attr, start_routine, arg);
> +
> + qemu_thread_args = g_new0(QemuThread_args, 1);
> + qemu_thread_args->mode = mode;
> + qemu_thread_args->name = name_threads ? g_strdup_printf("%s", name) :
> NULL;
> + qemu_thread_args->start_routine = start_routine;
> + qemu_thread_args->arg = arg;
> +
> + err = pthread_create(&thread->thread, &attr,
> + qemu_thread_start, qemu_thread_args);
> if (err)
> error_exit(err, __func__);
>
> - if (name_threads) {
> - qemu_thread_set_name(thread, name);
> - }
> -
> - if (mode == QEMU_THREAD_DETACHED) {
> - err = pthread_detach(thread->thread);
> - if (err) {
> - error_exit(err, __func__);
> - }
> - }
> pthread_sigmask(SIG_SETMASK, &oldset, NULL);
>
> pthread_attr_destroy(&attr);
> --
> 2.12.2.windows.2
>
>
If you fix the above nits, you can add my:
Reviewed-by: Fam Zheng <address@hidden>