From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, stefanha@redhat.com, eblake@redhat.com, pbonzini@redhat.com, qemu-devel@nongnu.org
Subject: [PATCH 1/2] block-copy: Fix missing graph lock
Date: Thu, 27 Jun 2024 20:12:44 +0200
Message-ID: <20240627181245.281403-2-kwolf@redhat.com>
In-Reply-To: <20240627181245.281403-1-kwolf@redhat.com>

The graph lock needs to be held when calling bdrv_co_pdiscard(). Fix block_copy_task_entry() to take it for the call.

WITH_GRAPH_RDLOCK_GUARD() was implemented in a weak way because of limitations in clang's Thread Safety Analysis at the time, so that it only asserts that the lock is held (which allows calling functions that require the lock), but we never deal with the unlocking (so even after the scope of the guard, the compiler assumes that the lock is still held). This is why the compiler didn't catch this locking error.

Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
---
 block/block-copy.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/block/block-copy.c b/block/block-copy.c index 7e3b378528..cc618e4561 100644 --- a/block/block-copy.c +++ b/block/block-copy.c
@@ -595,7 +595,9 @@ static coroutine_fn int block_copy_task_entry(AioTask *= task) if (s->discard_source && ret =3D=3D 0) { int64_t nbytes =3D MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset; - bdrv_co_pdiscard(s->source, t->req.offset, nbytes); + WITH_GRAPH_RDLOCK_GUARD() { + bdrv_co_pdiscard(s->source, t->req.offset, nbytes); + } } =20 return ret; --=20 2.45.2
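Review bot: in block_copy_task_entry(), the return value of bdrv_co_pdiscard() inside the new WITH_GRAPH_RDLOCK_GUARD() block is still dropped, so a failed discard of the source is invisible to the caller and to anyone reading the code. If the discard is meant to be best-effort, say so in a one-line comment above the guard; otherwise capture the result and at least report it. The guard scope itself is right: it covers only the one call that needs the graph lock.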
From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, stefanha@redhat.com, eblake@redhat.com, pbonzini@redhat.com, qemu-devel@nongnu.org
Subject: [PATCH 2/2] block/graph-lock: Make WITH_GRAPH_RDLOCK_GUARD() fully checked
Date: Thu, 27 Jun 2024 20:12:45 +0200
Message-ID: <20240627181245.281403-3-kwolf@redhat.com>
In-Reply-To: <20240627181245.281403-1-kwolf@redhat.com>

Upstream clang 18 (and backports to clang 17 in Fedora and RHEL) implemented support for __attribute__((cleanup())) in its Thread Safety Analysis, so we can now actually have a proper implementation of WITH_GRAPH_RDLOCK_GUARD() that understands when we acquire and when we release the lock.

-Wthread-safety is now only enabled if the compiler is new enough to understand this pattern.
In theory, we could have used some #ifdefs to keep the existing basic checks on old compilers, but as long as someone runs a newer compiler (and our CI does), we will catch locking problems, so it's probably not worth keeping multiple implementations for this.

The implementation can't use g_autoptr any more because the glib macros define wrapper functions that don't have the right TSA attributes, so the compiler would complain about them. Just use the cleanup attribute directly instead.

Signed-off-by: Kevin Wolf
Reviewed-by: Manos Pitsidianakis
Reviewed-by: Stefan Hajnoczi
---
 include/block/graph-lock.h | 21 ++++++++++++++-------
 meson.build                | 14 +++++++++++++-
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/include/block/graph-lock.h b/include/block/graph-lock.h index d7545e82d0..dc8d949184 100644 --- a/include/block/graph-lock.h +++ b/include/block/graph-lock.h
@@ -209,31 +209,38 @@ typedef struct GraphLockable { } GraphLockable; * unlocked. TSA_ASSERT_SHARED() makes sure that the following calls know = that * we hold the lock while unlocking is left unchecked. */ -static inline GraphLockable * TSA_ASSERT_SHARED(graph_lock) TSA_NO_TSA cor= outine_fn +static inline GraphLockable * TSA_ACQUIRE_SHARED(graph_lock) coroutine_fn graph_lockable_auto_lock(GraphLockable *x) { bdrv_graph_co_rdlock(); return x; } =20 -static inline void TSA_NO_TSA coroutine_fn -graph_lockable_auto_unlock(GraphLockable *x) +static inline void TSA_RELEASE_SHARED(graph_lock) coroutine_fn +graph_lockable_auto_unlock(GraphLockable **x) { bdrv_graph_co_rdunlock(); } =20 -G_DEFINE_AUTOPTR_CLEANUP_FUNC(GraphLockable, graph_lockable_auto_unlock) +#define GRAPH_AUTO_UNLOCK __attribute__((cleanup(graph_lockable_auto_unloc= k))) =20 +/* + * @var is only used to break the loop after the first iteration. + * @unlock_var can't be unlocked and then set to NULL because TSA wants th= e lock + * to be held at the start of every iteration of the loop. + */ #define WITH_GRAPH_RDLOCK_GUARD_(var) = \ - for (g_autoptr(GraphLockable) var =3D graph_lockable_auto_lock(GML_OBJ= _()); \ + for (GraphLockable *unlock_var GRAPH_AUTO_UNLOCK =3D = \ + graph_lockable_auto_lock(GML_OBJ_()), = \ + *var =3D unlock_var; = \ var; = \ - graph_lockable_auto_unlock(var), var =3D NULL) + var =3D NULL) =20 #define WITH_GRAPH_RDLOCK_GUARD() \ WITH_GRAPH_RDLOCK_GUARD_(glue(graph_lockable_auto, __COUNTER__)) =20 #define GRAPH_RDLOCK_GUARD(x) \ - g_autoptr(GraphLockable) \ + GraphLockable * GRAPH_AUTO_UNLOCK \ glue(graph_lockable_auto, __COUNTER__) G_GNUC_UNUSED =3D \ graph_lockable_auto_lock(GML_OBJ_()) =20 diff --git a/meson.build b/meson.build index 97e00d6f59..b1d5ce5f1d 100644 --- a/meson.build +++ b/meson.build 
@@ -624,7 +624,19 @@ warn_flags =3D [ ] =20 if host_os !=3D 'darwin' - warn_flags +=3D ['-Wthread-safety'] + tsa_has_cleanup =3D cc.compiles(''' + struct __attribute__((capability("mutex"))) mutex {}; + void lock(struct mutex *m) __attribute__((acquire_capability(m))); + void unlock(struct mutex *m) __attribute__((release_capability(m))); + + void test(void) { + struct mutex __attribute__((cleanup(unlock))) m; + lock(&m); + } + ''', args: ['-Wthread-safety', '-Werror']) + if tsa_has_cleanup + warn_flags +=3D ['-Wthread-safety'] + endif endif =20 # Set up C++ compiler flags --=20 2.45.2
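Review bot: in the include/block/graph-lock.h hunk, the comment kept as context above graph_lockable_auto_lock() still says TSA_ASSERT_SHARED() is used "while unlocking is left unchecked", but the function is now annotated TSA_ACQUIRE_SHARED(graph_lock) and graph_lockable_auto_unlock() is TSA_RELEASE_SHARED(graph_lock), so that comment is stale and should be rewritten as part of this patch. Separately, in WITH_GRAPH_RDLOCK_GUARD_() only var is made unique through __COUNTER__ while unlock_var is a fixed name, so a guard nested inside another guard would shadow it; deriving the name from var with glue() would avoid that, and the new comment's "@unlock_var" should then describe it as an internal variable rather than a macro parameter.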
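Review bot: in the meson.build hunk, when the cc.compiles() probe fails, -Wthread-safety is dropped without any trace, so a developer building with an older clang gets no thread-safety checking and no hint why. Add a comment above tsa_has_cleanup stating what the probe tests (Thread Safety Analysis support for __attribute__((cleanup())), as the commit message explains), and give the cc.compiles() call a name: argument so the result shows up in the configure output.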