Patchwork Init win32 CRITICAL_SECTION before starting thread; crash when attaching disks

login
register
mail settings
Submitter Bogdan Harjoc
Date Dec. 29, 2011, 5:29 p.m.
Message ID <CAF4+tmopXFry77uZitO5=KjPkgcjJE_gwpY8V051Vk=TWsx2QA@mail.gmail.com>
Download mbox | patch
Permalink /patch/133585/
State New
Headers show

Comments

Bogdan Harjoc - Dec. 29, 2011, 5:29 p.m.
Git commit 8d3bc51 crashes on win32 on startup because qemu_tcg_init_vcpu
calls:

qemu_thread_create(th, qemu_tcg_cpu_thread_fn, ...
...
qemu_thread_get_handle(th)

which locks th->data->cs, a CRITICAL_SECTION which is initialized only in
the thread_fn, so it finds garbage.

Attached patch initializes it before calling _beginthreadex. GDB/windbg
probably start newly created threads sooner, because this doesn't happen
under a debugger.

With the patch below it boots until it crashes somewhere while attaching
disks (-hda raw_img).

"bt" in gdb only returns "#0  0x00000000 in ??" and generate-core-file
didn't work.

Cheers,
Paolo Bonzini - Dec. 30, 2011, 3:57 p.m.
On 12/29/2011 06:29 PM, Bogdan Harjoc wrote:
> Git commit 8d3bc51 crashes on win32 on startup because
> qemu_tcg_init_vcpu calls:
>
> qemu_thread_create(th, qemu_tcg_cpu_thread_fn, ...
> ...
> qemu_thread_get_handle(th)
>
> which locks th->data->cs, a CRITICAL_SECTION which is initialized only
> in the thread_fn, so it finds garbage.
>
> Attached patch initializes it before calling _beginthreadex. GDB/windbg
> probably start newly created threads sooner, because this doesn't happen
> under a debugger.
>
> With the patch below it boots until it crashes somewhere while attaching
> disks (-hda raw_img).
>
> "bt" in gdb only returns "#0  0x00000000 in ??" and generate-core-file
> didn't work.
>
> Cheers,
>
> diff -du qemu-8d3bc51\qemu-thread-win32.c
> qemu-8d3bc51-new\qemu-thread-win32.c
> --- qemu-8d3bc51\qemu-thread-win32.c    Tue Dec 27 17:28:58 2011
> +++ qemu-8d3bc51-new\qemu-thread-win32.c    Thu Dec 29 18:59:50 2011
> @@ -215,8 +215,6 @@
>       if (data->mode == QEMU_THREAD_DETACHED) {
>           g_free(data);
>           data = NULL;
> -    } else {
> -        InitializeCriticalSection(&data->cs);
>       }
>       TlsSetValue(qemu_thread_tls_index, data);
>       qemu_thread_exit(start_routine(thread_arg));
> @@ -287,6 +285,10 @@
>       data->arg = arg;
>       data->mode = mode;
>       data->exited = false;
> +
> +    if (data->mode != QEMU_THREAD_DETACHED) {
> +        InitializeCriticalSection(&data->cs);
> +    }
>
>       hThread = (HANDLE) _beginthreadex(NULL, 0, win32_start_routine,
>                                         data, 0, &thread->tid);
>

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Weil - Jan. 21, 2012, 10:08 p.m.
Am 29.12.2011 18:29, schrieb Bogdan Harjoc:
> Git commit 8d3bc51 crashes on win32 on startup because 
> qemu_tcg_init_vcpu calls:
>
> qemu_thread_create(th, qemu_tcg_cpu_thread_fn, ...
> ...
> qemu_thread_get_handle(th)
>
> which locks th->data->cs, a CRITICAL_SECTION which is initialized only 
> in the thread_fn, so it finds garbage.
>
> Attached patch initializes it before calling _beginthreadex. 
> GDB/windbg probably start newly created threads sooner, because this 
> doesn't happen under a debugger.
>
> With the patch below it boots until it crashes somewhere while 
> attaching disks (-hda raw_img).
>
> "bt" in gdb only returns "#0  0x00000000 in ??" and generate-core-file 
> didn't work.
>
> Cheers,
>
> diff -du qemu-8d3bc51\qemu-thread-win32.c 
> qemu-8d3bc51-new\qemu-thread-win32.c
> --- qemu-8d3bc51\qemu-thread-win32.c    Tue Dec 27 17:28:58 2011
> +++ qemu-8d3bc51-new\qemu-thread-win32.c    Thu Dec 29 18:59:50 2011
> @@ -215,8 +215,6 @@
>      if (data->mode == QEMU_THREAD_DETACHED) {
>          g_free(data);
>          data = NULL;
> -    } else {
> -        InitializeCriticalSection(&data->cs);
>      }
>      TlsSetValue(qemu_thread_tls_index, data);
>      qemu_thread_exit(start_routine(thread_arg));
> @@ -287,6 +285,10 @@
>      data->arg = arg;
>      data->mode = mode;
>      data->exited = false;
> +
> +    if (data->mode != QEMU_THREAD_DETACHED) {
> +        InitializeCriticalSection(&data->cs);
> +    }
>
>      hThread = (HANDLE) _beginthreadex(NULL, 0, win32_start_routine,
>                                        data, 0, &thread->tid);
>

Hi,

could you please resend your patch with a Signed-by line?
And you should use "git format-patch" to create the patch.

See http://wiki.qemu.org/Contribute/SubmitAPatch for more information.

Thanks,

Stefan Weil
Stefan Weil - Jan. 21, 2012, 10:11 p.m.
Am 21.01.2012 23:08, schrieb Stefan Weil:
>
> Hi,
>
> could you please resend your patch with a Signed-by line?

Signed-off-by, of course. Sorry, it's too late for writing mails :-)


> And you should use "git format-patch" to create the patch.
>
> See http://wiki.qemu.org/Contribute/SubmitAPatch for more information.
>
> Thanks,
>
> Stefan Weil
>
Stefan Weil - Jan. 27, 2012, 9:34 p.m.
Am 29.12.2011 18:29, schrieb Bogdan Harjoc:
> Git commit 8d3bc51 crashes on win32 on startup because 
> qemu_tcg_init_vcpu calls:
>
> qemu_thread_create(th, qemu_tcg_cpu_thread_fn, ...
> ...
> qemu_thread_get_handle(th)
>
> which locks th->data->cs, a CRITICAL_SECTION which is initialized only 
> in the thread_fn, so it finds garbage.
>
> Attached patch initializes it before calling _beginthreadex. 
> GDB/windbg probably start newly created threads sooner, because this 
> doesn't happen under a debugger.
>
> With the patch below it boots until it crashes somewhere while 
> attaching disks (-hda raw_img).
>
> "bt" in gdb only returns "#0  0x00000000 in ??" and generate-core-file 
> didn't work.
>
> Cheers,
>
> diff -du qemu-8d3bc51\qemu-thread-win32.c 
> qemu-8d3bc51-new\qemu-thread-win32.c
> --- qemu-8d3bc51\qemu-thread-win32.c    Tue Dec 27 17:28:58 2011
> +++ qemu-8d3bc51-new\qemu-thread-win32.c    Thu Dec 29 18:59:50 2011
> @@ -215,8 +215,6 @@
>      if (data->mode == QEMU_THREAD_DETACHED) {
>          g_free(data);
>          data = NULL;
> -    } else {
> -        InitializeCriticalSection(&data->cs);
>      }
>      TlsSetValue(qemu_thread_tls_index, data);
>      qemu_thread_exit(start_routine(thread_arg));
> @@ -287,6 +285,10 @@
>      data->arg = arg;
>      data->mode = mode;
>      data->exited = false;
> +
> +    if (data->mode != QEMU_THREAD_DETACHED) {
> +        InitializeCriticalSection(&data->cs);
> +    }
>
>      hThread = (HANDLE) _beginthreadex(NULL, 0, win32_start_routine,
>                                        data, 0, &thread->tid);
>


Tested-by: Stefan Weil <sw@weilnetz.de>


Hi Bogdan,

I can confirm that your patch fixes a crash which otherwise makes
QEMU unusable on Windows hosts.

Could you please sign your patch with a Signed-off-by line including
your name and e-mail address (similar to my Tested-by above)?
We need this before we can commit your patch to QEMU master.

See http://wiki.qemu.org/Contribute/SubmitAPatch for more information.

Please contact me if you need more information.

Regards,

Stefan
Sebastian Herbszt - Jan. 30, 2012, 10:23 p.m.
Stefan Weil wrote:
> Tested-by: Stefan Weil <sw@weilnetz.de>
>
>
> Hi Bogdan,
> 
> I can confirm that your patch fixes a crash which otherwise makes
> QEMU unusable on Windows hosts.

This patch likely fixes bug #922131 [1].

[1] https://bugs.launchpad.net/qemu/+bug/922131

Sebastian

Patch

diff -du qemu-8d3bc51\qemu-thread-win32.c
qemu-8d3bc51-new\qemu-thread-win32.c
--- qemu-8d3bc51\qemu-thread-win32.c    Tue Dec 27 17:28:58 2011
+++ qemu-8d3bc51-new\qemu-thread-win32.c    Thu Dec 29 18:59:50 2011
@@ -215,8 +215,6 @@ 
     if (data->mode == QEMU_THREAD_DETACHED) {
         g_free(data);
         data = NULL;
-    } else {
-        InitializeCriticalSection(&data->cs);
     }
     TlsSetValue(qemu_thread_tls_index, data);
     qemu_thread_exit(start_routine(thread_arg));
@@ -287,6 +285,10 @@ 
     data->arg = arg;
     data->mode = mode;
     data->exited = false;
+
+    if (data->mode != QEMU_THREAD_DETACHED) {
+        InitializeCriticalSection(&data->cs);
+    }

     hThread = (HANDLE) _beginthreadex(NULL, 0, win32_start_routine,
                                       data, 0, &thread->tid);