Hi Wang Yong,

To make the discussion easier, please try to fix your email client to:

1) set In-Reply-To: header when replying
2) use plain text instead of html
3) use monospace fonts to view and compose a reply
4) avoid attaching the original email in the end, just reply inline
5) maybe, use "Re:" in the subject for reply, avoid "答复:"
6) include not only email addresses in From:To:/Cc: headers, but also the names of recipients, in the form of Some Body <some.b...@example.com>, Another One <another....@example.com>, ...

Or maybe just switch to a functional email client.

On Wed, 08/23 15:58, wang.yong...@zte.com.cn wrote:
> >> diff --git a/iothread.c b/iothread.c>> index beeb870..fb1c55b 100644>> --- > >> a/iothread.c>> +++ b/iothread.c>> 
@@ -57,6 +57,20 @@ static void > >> *iothread_run(void *opaque)>> >> while > >> (!atomic_read(&iothread->stopping)) {>> aio_poll(iothread->ctx, > >> true)>> +>> + if (atomic_read(&iothread->worker_context)) {>> + > >> g_main_context_push_thread_default(iothread->worker_context)>> + > >> iothread->main_loop =>> + > >> g_main_loop_new(iothread->worker_context, TRUE)>> + > >> g_main_loop_run(iothread->main_loop)>> +>> + > >> g_main_loop_unref(iothread->main_loop)>> + iothread->main_loop > >> = NULL
> >
> > You should clear iothread->main_loop first before calling g_main_loop_unref(),
> > to avoid TOCTOU race with iothread_stop():
> >
> >     iothread_run (in IOThread)          iothread_stop (in main thread)
> >     ========================================================================
> >                                         if (atomic_read(&iothread->main_loop)) {
> >     /* frees iothread->main_loop */
> >     g_main_loop_unref(...)
> >                                             /* Accesses freed memory */
> >                                             g_main_loop_quit(iothread->main_loop)
> >                                         }
> >     iothread->main_loop = NULL
>
> When the g_main_loop_quit function is called, the g_main_loop_run function
> can exit?
>
>     iothread_run (in IOThread)          iothread_stop (in main thread)
>     ========================================================================
>                                         /*step1: set loop->is_running = FALSE*/
>                                         g_main_loop_quit(iothread->main_loop)
>     /*step2: main loop exit */
>     g_main_loop_run()
>     /*step3:frees iothread->main_loop memory*/
>     g_main_loop_unref(...)
>     iothread->main_loop = NULL
>
> I think it's ok, I don't know whether I understand it correctly or not?

Your sequence is ok. But remember this is multi-threaded and the execution order
between two threads is non-deterministic. The sequence I pointed out is also
"possible" and will cause use-after-free due to TOCTOU race condition [1].

[1]: https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use

Fam
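
Review bot: at the end of the added block, iothread->main_loop is cleared only after g_main_loop_unref(), so between those two statements the field still holds a pointer to a loop that may already be freed, and a thread that tests the field and then passes it to g_main_loop_quit() can use freed memory. Copy the pointer to a local, set iothread->main_loop to NULL, then unref the local. The field is also written with plain assignments here while worker_context in the same block is read with atomic_read(); if another thread reads main_loop, the stores should use the matching atomic helper, and a comment should say which thread owns the reference.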
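
The interleaving argument from the review above, as a small model in C (an added example, not code from QEMU or from either poster). Loop, Order, play and count_uaf are hypothetical names; each statement of either thread is treated as one indivisible step, and the stop side re-reads the field when it uses it, as in the review's diagram.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for GMainLoop: "freed" is a flag, not a real free(),
 * so a use-after-free can be detected without undefined behaviour. */
typedef struct { int refs; bool freed; } Loop;
typedef enum { UNREF_THEN_CLEAR, CLEAR_THEN_UNREF } Order;

/* Play one interleaving. sched is a string of 'S' (a stop-side step) and
 * 'T' (a teardown step). Returns true if the stop side used a freed loop. */
static bool play(Order order, const char *sched)
{
    Loop loop = { 1, false };
    Loop *field = &loop;          /* models iothread->main_loop */
    Loop *saved = &loop;          /* teardown's own copy of the pointer */
    int s = 0, t = 0;
    bool checked = false, uaf = false;

    for (; *sched; sched++) {
        if (*sched == 'S' && s++ == 0) {
            checked = (field != NULL);              /* time of check */
        } else if (*sched == 'S') {
            if (checked && field && field->freed)   /* time of use */
                uaf = true;
        } else {
            /* First 'T' is the unref in the patch's order, the clear otherwise. */
            bool do_unref = (order == UNREF_THEN_CLEAR) == (t++ == 0);
            if (do_unref) { if (--saved->refs == 0) saved->freed = true; }
            else field = NULL;
        }
    }
    return uaf;
}

/* Count the interleavings (out of six) that end in a use-after-free. */
int count_uaf(Order order)
{
    static const char *all[] = { "SSTT", "STST", "STTS", "TSST", "TSTS", "TTSS" };
    int n = 0;
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        n += play(order, all[i]);
    return n;
}
```

Under these assumptions the patch's order (unref, then clear) hits freed memory in two of the six interleavings, and the order asked for in the review (clear, then unref) in none.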