qmp: Fix thread race

This fixes a thread race involving the monitor in monitor_qmp_event and monitor_qapi_event_emit .

Signed-off-by: Marc Morcos <marcmorcos@google.com>
Link: https://lore.kernel.org/r/20251213001443.2041258-4-marcmorcos@google.com
[Use QEMU_LOCK_GUARD and "continue". - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/monitor/monitor.c b/monitor/monitor.c
index c5a5d308774b0061853a5316e8b66ba7c61b6691..1273eb7260556d2ba9d9c6e87e08d1bb6fb887c6 100644 (file)
--- a/monitor/monitor.c
+++ b/monitor/monitor.c
@@ -346,9 +346,13 @@ static void monitor_qapi_event_emit(QAPIEvent event, QDict *qdict)
         }
 
         qmp_mon = container_of(mon, MonitorQMP, common);
-        if (qmp_mon->commands != &qmp_cap_negotiation_commands) {
-            qmp_send_response(qmp_mon, qdict);
+        {
+            QEMU_LOCK_GUARD(&mon->mon_lock);
+            if (qmp_mon->commands == &qmp_cap_negotiation_commands) {
+                continue;
+            }
         }
+        qmp_send_response(qmp_mon, qdict);
     }
 }
 

diff --git a/monitor/qmp.c b/monitor/qmp.c
index cb99a12d94175b395033569e8ead908d9453e759..e1419a9efa39668df028a4e8d7db448ea529e40f 100644 (file)
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -462,8 +462,10 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
 
     switch (event) {
     case CHR_EVENT_OPENED:
-        mon->commands = &qmp_cap_negotiation_commands;
-        monitor_qmp_caps_reset(mon);
+        WITH_QEMU_LOCK_GUARD(&mon->common.mon_lock) {
+            mon->commands = &qmp_cap_negotiation_commands;
+            monitor_qmp_caps_reset(mon);
+        }
         data = qmp_greeting(mon);
         qmp_send_response(mon, data);
         qobject_unref(data);