On Tue, 15 Dec 2020 at 11:53, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
> On 15/12/20 12:44, Peter Maydell wrote:
> >
> >> +static inline void timer_free(QEMUTimer *ts)
> >> +{
> >> +
> >> + if (ts->expire_time != -1) {
> >> + timer_del(ts);
> >> + }
> >> + g_free(ts);
> >> +}
> > I was thinking about this again this morning, and I'm not sure
> > this is thread-safe.
>
> It may not be thread-safe in principle, but any code that calls
> timer_mod, and isn't itself protected by a lock against timer_free, will
> be racing against the g_free immediately after. That is, that code
> could run after g_free and have a use-after-free bug.
I was thinking about potential races between the thread doing
the timer_free() and the iothread trying to run timers. Or
can that not happen ?
> But yes, I agree it is also an unnecessary optimization. It's better
> done in timer_del_locked, and removed from timer_mod_anticipate_ns.
> Since you are at it, you may also want to push the call to
> timer_del_locked down from timer_mod_ns and timer_mod_anticipate_ns to
> their callee, timer_mod_ns_locked.
One thing at a time :-)
thanks
-- PMM
