On Wed, May 20, 2020 at 11:05:39PM +0200, Lukas Straub wrote:
> +void yank_generic_iochannel(void *opaque)
> +{
> +    QIOChannel *ioc = QIO_CHANNEL(opaque);
> +
> +    qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
> +}
> +
> +void qmp_yank(strList *instances, Error **errp)
> +{
> +    strList *tmp;
> +    struct YankInstance *instance;
> +    struct YankFuncAndParam *entry;
> +
> +    qemu_mutex_lock(&lock);
> +    tmp = instances;
> +    for (; tmp; tmp = tmp->next) {
> +        instance = yank_find_instance(tmp->value);
> +        if (!instance) {
> +            error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> +                      "Instance '%s' not found", tmp->value);
> +            qemu_mutex_unlock(&lock);
> +            return;
> +        }
> +    }
> +    tmp = instances;
> +    for (; tmp; tmp = tmp->next) {
> +        instance = yank_find_instance(tmp->value);
> +        assert(instance);
> +        QLIST_FOREACH(entry, &instance->yankfns, next) {
> +            entry->func(entry->opaque);
> +        }
> +    }
> +    qemu_mutex_unlock(&lock);
> +}
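Review bot: qmp_yank() holds `lock` for the entire callback loop (from `qemu_mutex_lock(&lock);` through `entry->func(entry->opaque);` to the final unlock), so every registered yank function runs with the mutex held and must neither reacquire `lock` nor block, yet nothing in the hunk documents that constraint for callers of the registration API. The validation pass and the execution pass also each call yank_find_instance() for the same names; since the lock is held across both loops, collecting the instance pointers in the first pass would remove the duplicate lookup and the `assert(instance);`. In yank_generic_iochannel(), `qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);` discards both the return value and any error by passing NULL as errp; if best-effort is intended for a yank, a one-line comment saying so would make that explicit.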

From docs/devel/qapi-code-gen.txt:

  An OOB-capable command handler must satisfy the following conditions:

  - It terminates quickly.
  - It does not invoke system calls that may block.
  - It does not access guest RAM that may block when userfaultfd is
    enabled for postcopy live migration.
  - It takes only "fast" locks, i.e. all critical sections protected by
    any lock it takes also satisfy the conditions for OOB command
    handler code.

This patch series violates these rules and calls existing functions that
were not designed for OOB execution.

Please explain why it is safe to do this.

Stefan
