From patchwork Mon Dec 4 14:22:11 2017
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 120553
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, patches@linaro.org, Riku Voipio, Laurent Vivier
Subject: [PATCH] linux-user: Fix locking order in fork_start()
Date: Mon, 4 Dec 2017 14:22:11 +0000
Message-Id: <1512397331-15238-1-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.7.4

Our locking order is that the tb lock should be taken inside the
mmap_lock, but fork_start() grabs locks the other way around. This
means that if a heavily multithreaded guest process (such as Java)
calls fork() it can deadlock, with the thread that called fork() stuck
in fork_start() with the tb lock and waiting for the mmap lock, but
some other thread in tb_find() with the mmap lock and waiting for the
tb lock. The cpu_list_lock() should also always be taken last, not first.

Fix this by making fork_start() grab the locks in the right order.

The order in which we drop locks doesn't matter, so we leave fork_end()
the way it is.

Signed-off-by: Peter Maydell
Cc: qemu-stable@nongnu.org
---
 linux-user/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.7.4

Reviewed-by: Paolo Bonzini
Reviewed-by: Alex Bennée

diff --git a/linux-user/main.c b/linux-user/main.c
index 6286661..146ee3e 100644
--- a/linux-user/main.c +++ b/linux-user/main.c @@ -128,9 +128,9 @@ int cpu_get_pic_interrupt(CPUX86State *env) /* Make sure everything is in a consistent state for calling fork(). */ void fork_start(void) { - cpu_list_lock(); - qemu_mutex_lock(&tb_ctx.tb_lock); mmap_fork_start(); + qemu_mutex_lock(&tb_ctx.tb_lock); + cpu_list_lock(); } void fork_end(int child)
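Review bot: the acquisition order the '+' lines establish (mmap_fork_start() first, then qemu_mutex_lock(&tb_ctx.tb_lock), then cpu_list_lock()) matches the hierarchy the commit message describes, but that hierarchy is recorded nowhere in fork_start() itself, so the next edit to this function can reintroduce the inversion without any hint in the code; add a comment above mmap_fork_start() along the lines of `/* Lock order: mmap_lock (taken by mmap_fork_start), then tb_lock, then cpu_list_lock. */`. The hunk also shows only the call to mmap_fork_start(), so a reader has to take it on trust that this is where mmap_lock is acquired; naming that in the same comment removes the guesswork.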
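The deadlock in the commit message is the classic ABBA pattern: one thread takes tb_lock then waits for mmap_lock while another holds mmap_lock and waits for tb_lock. A cheap way to catch such inversions before they hang a process is to give every lock a rank and assert, at acquisition time, that no lock of equal or higher rank is already held by the current thread. The following is an added example, not QEMU code: the rank values, the `lock_tracker` type and the function names are assumptions made for illustration, with the ranks taken from the hierarchy the message states (mmap_lock, then tb_lock, then cpu_list_lock). It replays the pre-patch and post-patch fork_start() orderings against that checker and shows that the old order trips it twice while the new order is clean, without having to reproduce the hang itself.

```c
#include <stdio.h>
#include <string.h>

/* Ranks follow the hierarchy named in the commit message: mmap_lock first,
 * tb_lock inside it, cpu_list_lock last. The numbers are this example's
 * own assumption; QEMU has no such enum. */
enum lock_rank { RANK_MMAP = 1, RANK_TB = 2, RANK_CPU_LIST = 3 };

#define MAX_HELD 8

/* Per-thread record of locks currently held, in acquisition order. */
struct lock_tracker {
    enum lock_rank held[MAX_HELD];
    int nheld;
    int violations;   /* out-of-order acquisitions observed so far */
};

static void tracker_init(struct lock_tracker *t)
{
    memset(t, 0, sizeof *t);
}

static const char *rank_name(enum lock_rank r)
{
    switch (r) {
    case RANK_MMAP:     return "mmap_lock";
    case RANK_TB:       return "tb_lock";
    case RANK_CPU_LIST: return "cpu_list_lock";
    }
    return "?";
}

/* Record an acquisition. Taking a lock whose rank is not strictly greater
 * than every lock already held is a hierarchy violation: a thread that does
 * follow the hierarchy can hold that lock while waiting for one of ours,
 * which is exactly the ABBA wait the patch removes. Returns 0 if the
 * acquisition respects the hierarchy, -1 otherwise. */
static int tracker_acquire(struct lock_tracker *t, enum lock_rank r)
{
    int ok = 1;
    for (int i = 0; i < t->nheld; i++) {
        if (t->held[i] >= r) {
            fprintf(stderr, "lock order violation: %s taken while holding %s\n",
                    rank_name(r), rank_name(t->held[i]));
            ok = 0;
        }
    }
    if (!ok) {
        t->violations++;
    }
    if (t->nheld < MAX_HELD) {
        t->held[t->nheld++] = r;
    }
    return ok ? 0 : -1;
}

/* Drop a lock. Release order does not affect the hierarchy, which is why
 * the commit message can leave fork_end() alone. */
static void tracker_release(struct lock_tracker *t, enum lock_rank r)
{
    for (int i = 0; i < t->nheld; i++) {
        if (t->held[i] == r) {
            memmove(&t->held[i], &t->held[i + 1],
                    (size_t)(t->nheld - i - 1) * sizeof t->held[0]);
            t->nheld--;
            return;
        }
    }
}

/* fork_start() as the hunk's '-' lines had it. */
static int old_fork_start(struct lock_tracker *t)
{
    int bad = 0;
    bad |= tracker_acquire(t, RANK_CPU_LIST) < 0;
    bad |= tracker_acquire(t, RANK_TB) < 0;
    bad |= tracker_acquire(t, RANK_MMAP) < 0;   /* mmap_fork_start() */
    return bad ? -1 : 0;
}

/* fork_start() as the hunk's '+' lines have it. */
static int new_fork_start(struct lock_tracker *t)
{
    int bad = 0;
    bad |= tracker_acquire(t, RANK_MMAP) < 0;   /* mmap_fork_start() */
    bad |= tracker_acquire(t, RANK_TB) < 0;
    bad |= tracker_acquire(t, RANK_CPU_LIST) < 0;
    return bad ? -1 : 0;
}

/* fork_end(): release everything; the order here is deliberately arbitrary. */
static void fork_end_release(struct lock_tracker *t)
{
    tracker_release(t, RANK_TB);
    tracker_release(t, RANK_CPU_LIST);
    tracker_release(t, RANK_MMAP);
}

/* Replay one fork_start variant on a fresh tracker; return its violation count. */
static int violations_for(int (*fork_start_fn)(struct lock_tracker *))
{
    struct lock_tracker t;
    tracker_init(&t);
    fork_start_fn(&t);
    int v = t.violations;
    fork_end_release(&t);
    return v;
}

/* The tb_find() path from the commit message: mmap_lock, then tb_lock. */
static int tb_find_path(void)
{
    struct lock_tracker t;
    tracker_init(&t);
    int bad = tracker_acquire(&t, RANK_MMAP) < 0;
    bad |= tracker_acquire(&t, RANK_TB) < 0;
    tracker_release(&t, RANK_TB);
    tracker_release(&t, RANK_MMAP);
    return bad ? -1 : 0;
}

int main(void)
{
    printf("old fork_start order: %d violation(s)\n", violations_for(old_fork_start));
    printf("new fork_start order: %d violation(s)\n", violations_for(new_fork_start));
    printf("tb_find path: %s\n", tb_find_path() == 0 ? "ok" : "violation");
    return 0;
}
```

The checker runs on a single thread, which is the point: a hierarchy violation is detectable from one thread's own acquisition sequence, so it fires deterministically on every run instead of only when the scheduler happens to interleave fork() with tb_find(). Wiring such a check into a debug build of the real lock wrappers (as Linux's lockdep does) turns a rare production hang into a reliable assertion under test.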