Page MenuHomeFreeBSD
Differential D22286

bhyve: rework mevent processing to fix a race condition
ClosedPublic
Actions

Authored by vmaffione on Nov 8 2019, 9:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Feb 22, 7:00 AM
Unknown Object (File)
Mon, Feb 17, 1:05 PM
Unknown Object (File)
Jan 21 2025, 10:41 PM
Unknown Object (File)
Jan 11 2025, 3:12 AM
Unknown Object (File)
Jan 7 2025, 11:07 AM
Unknown Object (File)
Dec 14 2024, 1:17 AM
Unknown Object (File)
Nov 19 2024, 7:37 AM
Unknown Object (File)
Nov 19 2024, 7:32 AM
View All 69 Files
Subscribers
bcran
bryanv
gnn
imp
rgrimes

Details

Reviewers
jhb
afedorov
markj
Group Reviewers
bhyve
Commits
rS355117: MFC r354659
rS354659: bhyve: rework mevent processing to fix a race condition
Summary

At the end of both mevent_add() and mevent_update(), mevent_notify() is called to wakeup the I/O thread, that will call kevent(changelist) to update the kernel.
A race condition is possible where the client calls mevent_add() and mevent_update(EV_ENABLE) before the I/O thread has the chance to wake up and call mevent_build()+kevent(changelist) in response to mevent_add(). The mevent_add() is therefore ignored by the I/O thread, and kevent(fd, EV_ENABLE) is called before kevent(fd, EV_ADD), resuliting in a failure of the kevent(fd, EV_ENABLE) call.

Test Plan

Tested with vtnet+TAP and e1000+TAP (netperf + ping between a VM and the host).

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

vmaffione created this revision.Nov 8 2019, 9:43 PM
Herald added a reviewer: bhyve. · View Herald TranscriptNov 8 2019, 9:43 PM
Herald added subscribers: bcran, rgrimes, imp. · View Herald Transcript
Harbormaster completed remote builds in B27404: Diff 64092.Nov 8 2019, 9:43 PM
vmaffione edited the summary of this revision. (Show Details)Nov 8 2019, 9:49 PM
vmaffione added a reviewer: markj.Nov 9 2019, 9:48 AM
afedorov accepted this revision.Nov 9 2019, 3:07 PM

The changes look good to me. And I can not reproduce the bug https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241808

This revision is now accepted and ready to land.Nov 9 2019, 3:07 PM
vmaffione added a comment.Nov 9 2019, 3:14 PM

Thanks for testing.

jhb added inline comments.Nov 9 2019, 6:37 PM
usr.sbin/bhyve/mevent.c
196

Perhaps put the comment above the line? That is the more typical style in FreeBSD. You could also remove the EV_ADD check and just clear the bit unconditionally with the comment explaining why.

304

Maybe make this 'bool enable' instead? Then the switch statement below can be simplified I think to be:

newstate = evp->me_state;
if (enable) {
   newstate &= ~EV_DISABLE;
   newstate |= EV_ENABLE;
} else {
   newstate &= ~EV_ENABLE;
   newstate |= EV_DISABLE;
}

This avoids the assert and I think is clearer about what the code is doing. You could also perhaps do something like this if you leave 'commnd':

newstate = evp->me_state & ~(EV_ENABLE | EV_DISABLE);
newstate |= command;

I don't think you need the assertion since the function is static and it's easy to verify all the two callers in the same file.

vmaffione updated this revision to Diff 64154.Nov 10 2019, 7:05 PM
vmaffione marked 2 inline comments as done.

Addressed two comments.

This revision now requires review to proceed.Nov 10 2019, 7:05 PM
vmaffione added a comment.Nov 10 2019, 7:05 PM

Comments addressed.

markj accepted this revision as: markj.Nov 11 2019, 1:28 PM
markj added inline comments.
usr.sbin/bhyve/mevent.c
183

I would suggest keeping the mevent_kq_flags() wrapper just for consistency with these other wrappers.

312

Unrelated to your change, but I don't see why this check is safe. Isn't it possible for the mevent thread to be concurrently freeing the event object?

This revision is now accepted and ready to land.Nov 11 2019, 1:28 PM
vmaffione updated this revision to Diff 64195.Nov 11 2019, 6:49 PM
vmaffione marked 2 inline comments as done.

Move check under the lock.
Minor refactor.

This revision now requires review to proceed.Nov 11 2019, 6:49 PM
vmaffione added a comment.Nov 11 2019, 6:49 PM

Addressed more comments.

usr.sbin/bhyve/mevent.c
312

The check should be done under qlock, indeed.

As far as I can understand, it is implicit that the client cannot call mevent_enable(), mevent_disable() or use the mevp after calling mevent_delete() or mevent_delete_close(). If this is true I think we are safe.

vmaffione added inline comments.Nov 11 2019, 6:51 PM
usr.sbin/bhyve/mevent.c
312

At that point the check should probably be an assert, I guess.

markj accepted this revision as: markj.Nov 11 2019, 8:09 PM
markj added inline comments.
usr.sbin/bhyve/mevent.c
149–150

Style: missing parens around the return value.

300

Fix style here and above, since you're changing these lines anyway?

312

Indeed, I think an assertion makes more sense.

This revision is now accepted and ready to land.Nov 11 2019, 8:09 PM
vmaffione updated this revision to Diff 64205.Nov 11 2019, 9:23 PM
vmaffione marked 3 inline comments as done.

Addressed more comments.

This revision now requires review to proceed.Nov 11 2019, 9:23 PM
markj accepted this revision as: markj.Nov 11 2019, 10:59 PM
This revision is now accepted and ready to land.Nov 11 2019, 10:59 PM
Closed by commit rS354659: bhyve: rework mevent processing to fix a race condition (authored by vmaffione). · Explain WhyNov 12 2019, 9:08 PM
This revision was automatically updated to reflect the committed changes.
vmaffione added a commit: rS354659: bhyve: rework mevent processing to fix a race condition.
vmaffione added a commit: rS355117: MFC r354659.Nov 26 2019, 6:12 PM

Revision Contents
Changeset List

PathSize
usr.sbin/
bhyve/
72 lines

Diff 64154

View Options

usr.sbin/bhyve/mevent.c

Loading...