On Wed, Jun 20, 2018 at 16:45:27 +0800, Weilun Zhu wrote:
> As qemuMonitorJSONIOProcess will call qemuMonitorJSONIOProcessEvent
> which unlocks the monitor mutex, there is some extreme situation,
> e.g. qemu sends a message to the monitor twice in a short time, where the
> local variable 'msg' of qemuMonitorIOProcess could be a wild pointer:
>
> 1. qemuMonitorSend() assigns mon->msg to parameter 'msg', which is also a
>    local variable of its caller qemuMonitorJSONCommandWithFd(), causes the
>    event loop to send the message to the monitor, then waits on the condition.
> 2. qemu sends a message to the monitor for the first time immediately.
> 3. qemuMonitorIOProcess() is called, then wakes up the qemuMonitorSend()
>    thread, but the qemuMonitorSend() thread is stuck for a while due to cpu
>    pressure or some other reason, which means the qemu monitor is still unlocked.
> 4. qemu sends an event message to the monitor for the second time,
>    such as an RTC_CHANGE event.
> 5. qemuMonitorIOProcess() is called again, the local variable 'msg' is
>    assigned to mon->msg.
> 6. qemuMonitorIOProcess() calls qemuMonitorJSONIOProcess() to deal with
>    the qemu event.
> 7. qemuMonitorJSONIOProcess() unlocks the qemu monitor in the macro
>    'QEMU_MONITOR_CALLBACK', then the qemuMonitorSend() thread gets the mutex
>    and frees mon->msg, assigning mon->msg to NULL.
>
> Signed-off-by: Weilun Zhu <zhuweilun@xxxxxxxxxx>
> ---
>  src/qemu/qemu_monitor.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)

Reviewed-by: Jiri Denemark <jdenemar@xxxxxxxxxx>

and pushed.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list