On 6/23/23 15:48, Peter Krempa wrote:
> From: zuoboqun <zuoboqun@xxxxxxxxx>
>
> When detaching a device, the following race condition may happen:
> Once qemuDomainSignalDeviceRemoval() marks the device for
> removal, it returns true, which means it is the caller
> that marked the device for removal that is going to remove the
> device from the domain definition.
>
> But qemuDomainWaitForDeviceRemoval() may still receive a
> timeout from virDomainObjWaitUntil(), which is implemented
> by pthread_cond_timedwait(), due to an unavoidable race
> between the expiration of the timeout and the predicate
> state (priv->unplug.alias) change.
>
> And then qemuDomainWaitForDeviceRemoval() will return 0,
> thus the caller will not remove the device from the domain
> definition.
>
> In this situation, the device is still present in the domain
> definition but doesn't exist in qemu anymore. Worse, there is
> no way to remove it from the domain definition.
>
> The solution is to recheck the value of priv->unplug.alias to
> determine who is going to remove the device from the domain
> definition.
>
> Signed-off-by: zuo boqun <zuoboqun@xxxxxxxxx>
> Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> ---
>
> v2:
> - rewrote waiting loop so that we always check the unplug status if the
>   thread was notified
> - added comments explaining the logic
>
>  src/qemu/qemu_hotplug.c | 20 +++++++++++++-------
>  1 file changed, 13 insertions(+), 7 deletions(-)

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal
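The commit message above describes a classic condition-variable pitfall: pthread_cond_timedwait() may report ETIMEDOUT in the same instant the predicate flips, so a waiter that lets the return code alone decide the outcome can miss the state change. The following is an added example illustrating that logic, not libvirt code and not the patch itself: `struct unplug_state`, `signal_device_removal()`, `wait_for_removal_naive()`, `wait_for_removal_fixed()` and `racy_wait()` are hypothetical stand-ins for the unplug fields and functions named in the commit message, and `racy_wait()` is a constructed primitive that reproduces the race deterministically (it clears the alias and still returns ETIMEDOUT, which a real condvar is permitted to do).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical stand-in for the unplug fields of the private domain object. */
struct unplug_state {
    pthread_mutex_t lock;
    pthread_cond_t cond;
    const char *alias;   /* set while a detach is pending, NULL once removed */
};

/* The primitive the waiter blocks on; returns 0 when woken, ETIMEDOUT on
 * timeout. Always called with st->lock held. Abstracted so the race can be
 * injected deterministically. */
typedef int (*wait_fn)(struct unplug_state *st);

/* Real primitive: block on the condvar for up to 10 ms. */
static int timed_wait_10ms(struct unplug_state *st)
{
    struct timespec until;
    clock_gettime(CLOCK_REALTIME, &until);
    until.tv_nsec += 10 * 1000 * 1000;
    if (until.tv_nsec >= 1000000000L) {
        until.tv_sec += 1;
        until.tv_nsec -= 1000000000L;
    }
    return pthread_cond_timedwait(&st->cond, &st->lock, &until);
}

/* Constructed primitive: the event handler clears the alias just as the
 * deadline expires, so the waiter is told ETIMEDOUT although the predicate
 * already changed. This is the interleaving the commit message describes. */
static int racy_wait(struct unplug_state *st)
{
    st->alias = NULL;
    return ETIMEDOUT;
}

/* Stand-in for qemuDomainSignalDeviceRemoval(): clear the alias and wake the
 * waiter. Returns true if a waiter was pending for this alias, meaning the
 * waiter (not this handler) is responsible for removing the device. */
static bool signal_device_removal(struct unplug_state *st, const char *alias)
{
    bool matched = false;
    pthread_mutex_lock(&st->lock);
    if (st->alias && strcmp(st->alias, alias) == 0) {
        st->alias = NULL;
        matched = true;
        pthread_cond_broadcast(&st->cond);
    }
    pthread_mutex_unlock(&st->lock);
    return matched;
}

/* Pre-patch shape: ETIMEDOUT alone decides. Returns 1 if the device was seen
 * to be removed (caller must drop it from the definition), 0 on timeout. */
static int wait_for_removal_naive(struct unplug_state *st, wait_fn wait)
{
    int ret = 1;
    pthread_mutex_lock(&st->lock);
    while (st->alias) {
        if (wait(st) == ETIMEDOUT) {
            ret = 0;    /* BUG: alias may already be NULL at this point */
            break;
        }
    }
    pthread_mutex_unlock(&st->lock);
    return ret;
}

/* Post-patch shape: whatever the wait returned, re-read the predicate first;
 * only an alias that is still set after a timeout counts as "not removed". */
static int wait_for_removal_fixed(struct unplug_state *st, wait_fn wait)
{
    int ret = 1;
    pthread_mutex_lock(&st->lock);
    while (st->alias) {
        int rc = wait(st);
        if (st->alias == NULL)
            break;      /* removed: this caller owns the cleanup */
        if (rc == ETIMEDOUT) {
            ret = 0;    /* genuine timeout, device still present */
            break;
        }
    }
    pthread_mutex_unlock(&st->lock);
    return ret;
}

/* Scenario: a detach of "net0" (constructed alias) is pending and the waiter
 * blocks on the given primitive. Returns the waiter's verdict. */
static int run_scenario(wait_fn wait, bool fixed)
{
    struct unplug_state st = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, "net0" };
    return fixed ? wait_for_removal_fixed(&st, wait) : wait_for_removal_naive(&st, wait);
}

/* Scenario: the removal event arrives before the waiter enters its loop.
 * Returns -1 if the handler did not find a pending alias, else the verdict. */
static int run_signal_first(bool fixed)
{
    struct unplug_state st = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, "net0" };
    if (!signal_device_removal(&st, "net0"))
        return -1;
    return fixed ? wait_for_removal_fixed(&st, timed_wait_10ms)
                 : wait_for_removal_naive(&st, timed_wait_10ms);
}

int main(void)
{
    printf("racy interleaving: naive=%d fixed=%d (1 means device removed)\n",
           run_scenario(racy_wait, false), run_scenario(racy_wait, true));
    printf("nothing signals:   naive=%d fixed=%d\n",
           run_scenario(timed_wait_10ms, false), run_scenario(timed_wait_10ms, true));
    return 0;
}
```

With the racy primitive the naive waiter reports a timeout and nobody removes the device, which is exactly the stale-definition state the commit message warns about; the fixed waiter reads the predicate after every wake-up and returns 1, so the caller finishes the removal. When nothing signals, both versions time out and the alias stays set, which is the only case a timeout should mean.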