[libvirt] [PATCH] command: avoid potential deadlock on handshake

Eric Blake eblake at redhat.com
Thu Jun 7 15:53:39 UTC 2012 

On 06/07/2012 12:51 AM, Michal Privoznik wrote:
> On 07.06.2012 01:37, Eric Blake wrote:
>> Similar to commit 858c247, the parent process should close it's
>> copy of the end of the pipe given to the child; otherwise, if there
>> is an extreme bug where the parent thinks the child reported an
>> error and is waiting for the message to go along with it, but the
>> child thinks it reported success and is waiting for the parent
>> to acknowledge the success, we would get into deadlock.
>>
>> Thankfully, I don't think this deadlock is possible without at
>> least one other bug in the code, but I did see exactly that sort
>> of situation prior to commit da831af - if a double close bug in
>> the parent causes the parent to read the wrong fd, it might assume
>> the child failed, even though the child really sent success if
>> only the parent had read from the correct location.
>>

> 
> ACK

I decided the commit message was confusing, so I updated it before pushing:

    There is a theoretical problem of an extreme bug where we can get
    into deadlock due to command handshaking.  Thanks to a pair of pipes,
    we have a situation where the parent thinks the child reported an
    error and is waiting for a message from the child to explain the
    error; but at the same time the child thinks it reported success
    and is waiting for the parent to acknowledge the success; so both
    processes are now blocked.

    Thankfully, I don't think this deadlock is possible without at
    least one other bug in the code, but I did see exactly that sort
    of situation prior to commit da831af - I saw a backtrace where a
    double close bug in the parent caused the parent to read from the
    wrong fd and assume the child failed, even though the child really
    sent success.

    This potential deadlock is not quite like commit 858c247 (a deadlock
    due to multiple readers on one pipe preventing a write from completing),
    although the solution is similar - always close unused pipe fds before
    blocking, rather than after.


-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120607/0681ecf7/attachment-0001.sig>

More information about the libvir-list mailing list