Re: [Qemu-devel] [PATCH] ehci: fix fetch qtd race

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] ehci: fix fetch qtd race

From:	Gerd Hoffmann
Subject:	Re: [Qemu-devel] [PATCH] ehci: fix fetch qtd race
Date:	Mon, 26 Nov 2018 14:56:43 +0100
User-agent:	NeoMutt/20180716

On Mon, Nov 26, 2018 at 10:34:13AM +0000, li qiang wrote:
> 
> 在 2018/11/26 18:08, Gerd Hoffmann 写道:
> > The token field contains the (guest-filled) state of the qtd, which
> > indicates whenever the other fields are valid or not.  So make sure
> > we read the token first, otherwise we may end up with an stale next
> > pointer:
> >
> >    (1) ehci reads next
> >    (2) guest writes next
> >    (3) guest writes token
> >    (4) ehci reads token
> >    (5) ehci operates with stale next.
> 
> Hello Gerd,
> 
> Could you please explain how this can happen?
> 
> IMO, the device emulation holds the BQL and the guest can't execute, how 
> can the guest

No.  vcpus can run in parallel to the iothread (at least as long as they
are running in guest context, when they vmexit they have to wait for the
BQL).

cheers,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] ehci: fix fetch qtd race, Gerd Hoffmann, 2018/11/26
- Re: [Qemu-devel] [PATCH] ehci: fix fetch qtd race, li qiang, 2018/11/26
  - Re: [Qemu-devel] [PATCH] ehci: fix fetch qtd race, Gerd Hoffmann <=

Prev by Date: Re: [Qemu-devel] [PATCH for-3.2 v3 00/14] Generalize machine compatibility properties
Next by Date: [Qemu-devel] [PULL 0/3] target-arm queue
Previous by thread: Re: [Qemu-devel] [PATCH] ehci: fix fetch qtd race
Next by thread: [Qemu-devel] [PATCH] doc: fix the configuration path
Index(es):
- Date
- Thread