[PULL,4/4] net/colo-compare.c: Fix a crash in COLO Primary.

Message ID	1558084017-15947-5-git-send-email-jasowang@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> From: Jason Wang <jasowang@redhat.com> To: qemu-devel@nongnu.org, peter.maydell@linaro.org Date: Fri, 17 May 2019 17:06:57 +0800 Message-Id: <1558084017-15947-5-git-send-email-jasowang@redhat.com> In-Reply-To: <1558084017-15947-1-git-send-email-jasowang@redhat.com> References: <1558084017-15947-1-git-send-email-jasowang@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PULL 4/4] net/colo-compare.c: Fix a crash in COLO Primary. Precedence: list Cc: Jason Wang <jasowang@redhat.com>, Lukas Straub <lukasstraub2@web.de> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	[PULL,1/4] vhost_net: don't set backend for the uninitialized virtqueue \| expand [PULL,1/4] vhost_net: don't set backend for the uninitialized virtqueue [PULL,2/4] e1000: Never increment the RX undersize count register [PULL,3/4] net/slirp: fix the IPv6 prefix length error message [PULL,4/4] net/colo-compare.c: Fix a crash in COLO Primary.

Message ID

1558084017-15947-5-git-send-email-jasowang@redhat.com (mailing list archive)

State

New, archived

Headers

From: Jason Wang <jasowang@redhat.com>
To: qemu-devel@nongnu.org,
	peter.maydell@linaro.org
Date: Fri, 17 May 2019 17:06:57 +0800
Message-Id: <1558084017-15947-5-git-send-email-jasowang@redhat.com>
In-Reply-To: <1558084017-15947-1-git-send-email-jasowang@redhat.com>
References: <1558084017-15947-1-git-send-email-jasowang@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PULL 4/4] net/colo-compare.c: Fix a crash in COLO
 Primary.
Precedence: list
Cc: Jason Wang <jasowang@redhat.com>, Lukas Straub <lukasstraub2@web.de>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

[PULL,1/4] vhost_net: don't set backend for the uninitialized virtqueue | expand

Commit Message

Jason Wang May 17, 2019, 9:06 a.m. UTC

From: Lukas Straub <lukasstraub2@web.de>

Because event_unhandled_count may be accessed concurrently, it needs
to be protected by taking the lock. However the assert is outside the
lock, probably causing it to read garbage and aborting Qemu erroneously.

The Bug only happens when running Qemu in COLO mode.

This Patch fixes the following bug: https://bugs.launchpad.net/qemu/+bug/1824622

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/colo-compare.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index bf10526..fcb4911 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -813,9 +813,8 @@  static void colo_compare_handle_event(void *opaque)
         break;
     }
 
-    assert(event_unhandled_count > 0);
-
     qemu_mutex_lock(&event_mtx);
+    assert(event_unhandled_count > 0);
     event_unhandled_count--;
     qemu_cond_broadcast(&event_complete_cond);
     qemu_mutex_unlock(&event_mtx);