[72/78] 9p: Lock directory streams with a CoMutex

Message ID	20200616141547.24664-73-mdroth@linux.vnet.ibm.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Michael Roth <mdroth@linux.vnet.ibm.com> To: qemu-devel@nongnu.org Subject: [PATCH 72/78] 9p: Lock directory streams with a CoMutex Date: Tue, 16 Jun 2020 09:15:41 -0500 Message-Id: <20200616141547.24664-73-mdroth@linux.vnet.ibm.com> In-Reply-To: <20200616141547.24664-1-mdroth@linux.vnet.ibm.com> References: <20200616141547.24664-1-mdroth@linux.vnet.ibm.com> Received-SPF: pass client-ip=2607:f8b0:4864:20::343; envelope-from=flukshun@gmail.com; helo=mail-ot1-x343.google.com Precedence: list Cc: qemu-stable@nongnu.org, Greg Kurz <groug@kaod.org> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	Patch Round-up for stable 4.2.1, freeze on 2020-06-22 \| expand [00/78] Patch Round-up for stable 4.2.1, freeze on 2020-06-22 [01/78] block/nbd: extract the common cleanup code [02/78] block/nbd: fix memory leak in nbd_open() [03/78] i386: Resolve CPU models to v1 by default [04/78] qapi: better document NVMe blockdev @device parameter [05/78] target/arm: ensure we use current exception state after SCR update [06/78] block: Activate recursively even for already active nodes [07/78] virtio-blk: fix out-of-bounds access to bitmap in notify_guest_bh [08/78] numa: remove not needed check [09/78] numa: properly check if numa is supported [10/78] backup-top: Begin drain earlier [11/78] arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on() [12/78] arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on() [13/78] hw/i386/pc: fix regression in parsing vga cmdline parameter [14/78] tests/ide-test: Create a single unit-test covering more PRDT cases [15/78] ide: Fix incorrect handling of some PRDTs in ide_dma_cb() [16/78] target/arm: Set ISSIs16Bit in make_issinfo [17/78] virtio: update queue size on guest write [18/78] virtio-mmio: update queue size on guest write [19/78] virtio: add ability to delete vq through a pointer [20/78] virtio: make virtio_delete_queue idempotent [21/78] virtio: reset region cache when on queue deletion [22/78] virtio-net: delete also control queue when TX/RX deleted [23/78] intel_iommu: a fix to vtd_find_as_from_bus_num() [24/78] intel_iommu: add present bit check for pasid table entries [25/78] vfio/pci: Don't remove irqchip notifier if not registered [26/78] qcow2-bitmaps: fix qcow2_can_store_new_dirty_bitmap [27/78] dp8393x: Mask EOL bit from descriptor addresses [28/78] dp8393x: Always use 32-bit accesses [29/78] dp8393x: Clean up endianness hacks [30/78] dp8393x: Have dp8393x_receive() return the packet size [31/78] dp8393x: Update LLFA and CRDA registers from rx descriptor [32/78] dp8393x: Clear RRRA command register bit only when appropriate [33/78] dp8393x: Implement packet size limit and RBAE interrupt [34/78] dp8393x: Don't clobber packet checksum [35/78] dp8393x: Use long-word-aligned RRA pointers in 32-bit mode [36/78] dp8393x: Pad frames to word or long word boundary [37/78] dp8393x: Clear descriptor in_use field to release packet [38/78] dp8393x: Always update RRA pointers and sequence numbers [39/78] dp8393x: Don't reset Silicon Revision register [40/78] dp8393x: Don't stop reception upon RBE interrupt assertion [41/78] s390/sclp: improve special wait psw logic [42/78] plugins/core: add missing break in cb_to_tcg_flags [43/78] tcg: save vaddr temp for plugin usage [44/78] qcow2: update_refcount(): Reset old_table_index after qcow2_cache_put() [45/78] qcow2: Fix qcow2_alloc_cluster_abort() for external data file [46/78] iotests: Test copy offloading with external data file [47/78] qcow2: Fix alloc_cluster_abort() for pre-existing clusters [48/78] iotests/026: Test EIO on preallocated zero cluster [49/78] iotests/026: Test EIO on allocation in a data-file [50/78] virtio: gracefully handle invalid region caches [51/78] scsi/qemu-pr-helper: Fix out-of-bounds access to trnptid_list[] [52/78] block/qcow2-threads: fix qcow2_decompress [53/78] job: refactor progress to separate object [54/78] block/block-copy: fix progress calculation [55/78] target/ppc: Fix rlwinm on ppc64 [56/78] block/io: fix bdrv_co_do_copy_on_readv [57/78] compat: disable edid on correct virtio-gpu device [58/78] qga: Installer: Wait for installation to finish [59/78] qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error [60/78] qga-win: prevent crash when executing guest-file-read with large count [61/78] qga: Fix undefined C behavior [62/78] qemu-ga: document vsock-listen in the man page [63/78] hw/i386/amd_iommu.c: Fix corruption of log events passed to guest [64/78] tcg/i386: Fix INDEX_op_dup2_vec [65/78] dump: Fix writing of ELF section [66/78] xen-block: Fix double qlist remove and request leak [67/78] vhost-user-gpu: Release memory returned by vu_queue_pop() with free() [68/78] target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts [69/78] hostmem: don't use mbind() if host-nodes is empty [70/78] target/arm: Clear tail in gvec_fmul_idx_, gvec_fmla_idx_ [71/78] qemu-nbd: Close inherited stderr [72/78] 9p: Lock directory streams with a CoMutex [73/78] net: Do not include a newline in the id of -nic devices [74/78] nbd/server: Avoid long error message assertions CVE-2020-10761 [75/78] virtio-balloon: fix free page hinting without an iothread [76/78] virtio-balloon: fix free page hinting check on unrealize [77/78] virtio-balloon: unref the iothread when unrealizing [78/78] block: Call attention to truncation of long NBD exports

Michael Roth June 16, 2020, 2:15 p.m. UTC

From: Greg Kurz <groug@kaod.org>

Locking was introduced in QEMU 2.7 to address the deprecation of
readdir_r(3) in glibc 2.24. It turns out that the frontend code is
the worst place to handle a critical section with a pthread mutex:
the code runs in a coroutine on behalf of the QEMU mainloop and then
yields control, waiting for the fsdev backend to process the request
in a worker thread. If the client resends another readdir request for
the same fid before the previous one finally unlocked the mutex, we're
deadlocked.

This never bit us because the linux client serializes readdir requests
for the same fid, but it is quite easy to demonstrate with a custom
client.

A good solution could be to narrow the critical section in the worker
thread code and to return a copy of the dirent to the frontend, but
this causes quite some changes in both 9p.c and codir.c. So, instead
of that, in order for people to easily backport the fix to older QEMU
versions, let's simply use a CoMutex since all the users for this
sit in coroutines.

Fixes: 7cde47d4a89d ("9p: add locking to V9fsDir")
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <158981894794.109297.3530035833368944254.stgit@bahia.lan>
Signed-off-by: Greg Kurz <groug@kaod.org>
(cherry picked from commit ed463454efd0ac3042ff772bfe1b1d846dc281a5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/9pfs/9p.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Greg Kurz June 16, 2020, 3:14 p.m. UTC | #1

Cc'ing co-maintainer Christian Schoenebeck.

Christian,

If there are some more commits you think are worth being cherry picked
for QEMU 4.2.1, please inform Michael before freeze on 2020-06-22.

Cheers,

--
Greg

On Tue, 16 Jun 2020 09:15:41 -0500
Michael Roth <mdroth@linux.vnet.ibm.com> wrote:

> From: Greg Kurz <groug@kaod.org>
> 
> Locking was introduced in QEMU 2.7 to address the deprecation of
> readdir_r(3) in glibc 2.24. It turns out that the frontend code is
> the worst place to handle a critical section with a pthread mutex:
> the code runs in a coroutine on behalf of the QEMU mainloop and then
> yields control, waiting for the fsdev backend to process the request
> in a worker thread. If the client resends another readdir request for
> the same fid before the previous one finally unlocked the mutex, we're
> deadlocked.
> 
> This never bit us because the linux client serializes readdir requests
> for the same fid, but it is quite easy to demonstrate with a custom
> client.
> 
> A good solution could be to narrow the critical section in the worker
> thread code and to return a copy of the dirent to the frontend, but
> this causes quite some changes in both 9p.c and codir.c. So, instead
> of that, in order for people to easily backport the fix to older QEMU
> versions, let's simply use a CoMutex since all the users for this
> sit in coroutines.
> 
> Fixes: 7cde47d4a89d ("9p: add locking to V9fsDir")
> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
> Message-Id: <158981894794.109297.3530035833368944254.stgit@bahia.lan>
> Signed-off-by: Greg Kurz <groug@kaod.org>
> (cherry picked from commit ed463454efd0ac3042ff772bfe1b1d846dc281a5)
> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
> ---
>  hw/9pfs/9p.h | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
> index 3904f82901..069c86333f 100644
> --- a/hw/9pfs/9p.h
> +++ b/hw/9pfs/9p.h
> @@ -186,22 +186,22 @@ typedef struct V9fsXattr
>  
>  typedef struct V9fsDir {
>      DIR *stream;
> -    QemuMutex readdir_mutex;
> +    CoMutex readdir_mutex;
>  } V9fsDir;
>  
>  static inline void v9fs_readdir_lock(V9fsDir *dir)
>  {
> -    qemu_mutex_lock(&dir->readdir_mutex);
> +    qemu_co_mutex_lock(&dir->readdir_mutex);
>  }
>  
>  static inline void v9fs_readdir_unlock(V9fsDir *dir)
>  {
> -    qemu_mutex_unlock(&dir->readdir_mutex);
> +    qemu_co_mutex_unlock(&dir->readdir_mutex);
>  }
>  
>  static inline void v9fs_readdir_init(V9fsDir *dir)
>  {
> -    qemu_mutex_init(&dir->readdir_mutex);
> +    qemu_co_mutex_init(&dir->readdir_mutex);
>  }
>  
>  /*

Christian Schoenebeck June 16, 2020, 4:09 p.m. UTC | #2

On Dienstag, 16. Juni 2020 17:14:40 CEST Greg Kurz wrote:
> Cc'ing co-maintainer Christian Schoenebeck.
> 
> Christian,
> 
> If there are some more commits you think are worth being cherry picked
> for QEMU 4.2.1, please inform Michael before freeze on 2020-06-22.

Indeed, for that particular stable branch I would see the following 9p fixes
as additional candidates (chronologically top down):

841b8d099c [trivial] 9pfs: local: Fix possible memory leak in local_link()
846cf408a4 [maybe] 9p: local: always return -1 on error in local_unlinkat_common
9580d60e66 [maybe] virtio-9p-device: fix memleak in virtio_9p_device_unrealize
659f195328 [trivial] 9p/proxy: Fix export_flags
a5804fcf7b [maybe] 9pfs: local: ignore O_NOATIME if we don't have permissions
03556ea920 [trivial] 9pfs: include linux/limits.h for XATTR_SIZE_MAX
a4c4d46272 [recommended] xen/9pfs: yield when there isn't enough room on the ring

What do you think Greg?

What's the recommended way for me to keep track of imminent stable picks/
freezes in future?

Best regards,
Christian Schoenebeck

Greg Kurz June 16, 2020, 4:41 p.m. UTC | #3

On Tue, 16 Jun 2020 18:09:04 +0200
Christian Schoenebeck <qemu_oss@crudebyte.com> wrote:

> On Dienstag, 16. Juni 2020 17:14:40 CEST Greg Kurz wrote:
> > Cc'ing co-maintainer Christian Schoenebeck.
> > 
> > Christian,
> > 
> > If there are some more commits you think are worth being cherry picked
> > for QEMU 4.2.1, please inform Michael before freeze on 2020-06-22.
> 
> Indeed, for that particular stable branch I would see the following 9p fixes
> as additional candidates (chronologically top down):
> 
> 841b8d099c [trivial] 9pfs: local: Fix possible memory leak in local_link()
> 846cf408a4 [maybe] 9p: local: always return -1 on error in local_unlinkat_common
> 9580d60e66 [maybe] virtio-9p-device: fix memleak in virtio_9p_device_unrealize
> 659f195328 [trivial] 9p/proxy: Fix export_flags
> a5804fcf7b [maybe] 9pfs: local: ignore O_NOATIME if we don't have permissions
> 03556ea920 [trivial] 9pfs: include linux/limits.h for XATTR_SIZE_MAX
> a4c4d46272 [recommended] xen/9pfs: yield when there isn't enough room on the ring
> 
> What do you think Greg?
> 

AFAIK, only regressions and fixes to severe bugs (QEMU crashes, hangs, CVEs) go
to stable QEMU releases. It doesn't seem to be the case for any of the commits
listed above but I had only a quick look.

> What's the recommended way for me to keep track of imminent stable picks/
> freezes in future?
> 

Hmm good question. I'm usually notified when Michael posts the patch round-up
and a 9p patch is already in the list, like for the present patch. Other than
that I watch qemu-stable from time to time or the planning pages in the wiki.

Michael, anything better to suggest to Christian ?

> Best regards,
> Christian Schoenebeck
> 
>

Michael Roth June 16, 2020, 10:46 p.m. UTC | #4

Quoting Greg Kurz (2020-06-16 11:41:36)
> On Tue, 16 Jun 2020 18:09:04 +0200
> Christian Schoenebeck <qemu_oss@crudebyte.com> wrote:
> 
> > On Dienstag, 16. Juni 2020 17:14:40 CEST Greg Kurz wrote:
> > > Cc'ing co-maintainer Christian Schoenebeck.
> > > 
> > > Christian,
> > > 
> > > If there are some more commits you think are worth being cherry picked
> > > for QEMU 4.2.1, please inform Michael before freeze on 2020-06-22.
> > 
> > Indeed, for that particular stable branch I would see the following 9p fixes
> > as additional candidates (chronologically top down):
> > 
> > 841b8d099c [trivial] 9pfs: local: Fix possible memory leak in local_link()
> > 846cf408a4 [maybe] 9p: local: always return -1 on error in local_unlinkat_common
> > 9580d60e66 [maybe] virtio-9p-device: fix memleak in virtio_9p_device_unrealize
> > 659f195328 [trivial] 9p/proxy: Fix export_flags
> > a5804fcf7b [maybe] 9pfs: local: ignore O_NOATIME if we don't have permissions
> > 03556ea920 [trivial] 9pfs: include linux/limits.h for XATTR_SIZE_MAX
> > a4c4d46272 [recommended] xen/9pfs: yield when there isn't enough room on the ring
> > 
> > What do you think Greg?
> > 
> 
> AFAIK, only regressions and fixes to severe bugs (QEMU crashes, hangs, CVEs) go
> to stable QEMU releases. It doesn't seem to be the case for any of the commits
> listed above but I had only a quick look.

That's the main focus, but if memory leaks and other minor fixes get tagged
for stable I'll generally pull those in as well if the backport is fairly
straightforward. As that was the case with the patches above I went
ahead and pull those in.

> 
> > What's the recommended way for me to keep track of imminent stable picks/
> > freezes in future?
> > 
> 
> Hmm good question. I'm usually notified when Michael posts the patch round-up
> and a 9p patch is already in the list, like for the present patch. Other than
> that I watch qemu-stable from time to time or the planning pages in the wiki.
> 
> Michael, anything better to suggest to Christian ?

I think that about covers it. You can also subscribe to the planning
pages, e.g. https://wiki.qemu.org/Planning/5.0 (by clicking the
star/"add to watchlist" icon), then you'll get notifications when
additional release/freeze dates are added. Generally it will be updated
shortly before the patch round-up gets posted to qemu-stable.

> 
> > Best regards,
> > Christian Schoenebeck
> > 
> > 
>

Christian Schoenebeck June 18, 2020, 1:47 p.m. UTC | #5

On Mittwoch, 17. Juni 2020 00:46:26 CEST Michael Roth wrote:
> > > Indeed, for that particular stable branch I would see the following 9p
> > > fixes as additional candidates (chronologically top down):
> > > 
> > > 841b8d099c [trivial] 9pfs: local: Fix possible memory leak in
> > > local_link()
> > > 846cf408a4 [maybe] 9p: local: always return -1 on error in
> > > local_unlinkat_common 9580d60e66 [maybe] virtio-9p-device: fix memleak
> > > in virtio_9p_device_unrealize 659f195328 [trivial] 9p/proxy: Fix
> > > export_flags
> > > a5804fcf7b [maybe] 9pfs: local: ignore O_NOATIME if we don't have
> > > permissions 03556ea920 [trivial] 9pfs: include linux/limits.h for
> > > XATTR_SIZE_MAX a4c4d46272 [recommended] xen/9pfs: yield when there
> > > isn't enough room on the ring
> > > 
> > > What do you think Greg?
> > 
> > AFAIK, only regressions and fixes to severe bugs (QEMU crashes, hangs,
> > CVEs) go to stable QEMU releases. It doesn't seem to be the case for any
> > of the commits listed above but I had only a quick look.
> 
> That's the main focus, but if memory leaks and other minor fixes get tagged
> for stable I'll generally pull those in as well if the backport is fairly
> straightforward. As that was the case with the patches above I went
> ahead and pull those in.
> 
> > > What's the recommended way for me to keep track of imminent stable
> > > picks/
> > > freezes in future?
> > 
> > Hmm good question. I'm usually notified when Michael posts the patch
> > round-up and a 9p patch is already in the list, like for the present
> > patch. Other than that I watch qemu-stable from time to time or the
> > planning pages in the wiki.
> > 
> > Michael, anything better to suggest to Christian ?
> 
> I think that about covers it. You can also subscribe to the planning
> pages, e.g. https://wiki.qemu.org/Planning/5.0 (by clicking the
> star/"add to watchlist" icon), then you'll get notifications when
> additional release/freeze dates are added. Generally it will be updated
> shortly before the patch round-up gets posted to qemu-stable.

Good idea! Will do that.

Thanks Michael!

Best regards,
Christian Schoenebeck

[72/78] 9p: Lock directory streams with a CoMutex

Commit Message

Comments

Patch