Xen project Mailing List

infinite loop in xenstat_qmp.c

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: "Reiser, Hans" <hr@xxxxxxxxxxxxxxxxx>

Date: Mon, 9 Nov 2020 14:36:11 +0000

Accept-language: de-DE, en-US

Delivery-date: Mon, 09 Nov 2020 14:41:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHWtqWrP5ss4mCWiE+RSioLt66eLw==

Thread-topic: infinite loop in xenstat_qmp.c

Hi, I have seen several occasions with "dead" xentop processes consuming 100% CPU time, and tracked this down to the following problem: When the QEMU process the qmp_read function is communicating with terminates, qmp_read may enter an infinite loop: poll signals EOF (POLLIN and POLLHUP set), the subsequent read() call returns 0, and then the function calls poll again, which still sees the EOF condition and will return again immediately with POLLIN and POLLHUP set, repeating ad infinitum. A simple fix is to terminate the loop when read returns 0 (under "normal" instances, poll will return with POLLIN set only if there is data to read, so read will always read >0 bytes, except if the socket has been closed). Cheers, Hans diff --git a/tools/xenstat/libxenstat/src/xenstat_qmp.c b/tools/xenstat/libxenstat/src/xenstat_qmp.c index 19b236e7b6..0c5748ba68 100644 --- a/tools/xenstat/libxenstat/src/xenstat_qmp.c +++ b/tools/xenstat/libxenstat/src/xenstat_qmp.c @@ -298,7 +298,7 @@ static int qmp_read(int qfd, unsigned char **qstats) pfd[0].events = POLLIN; while ((n = poll(pfd, 1, 10)) > 0) { if (pfd[0].revents & POLLIN) { - if ((n = read(qfd, buf, sizeof(buf))) < 0) { + if ((n = read(qfd, buf, sizeof(buf))) <= 0) { free(*qstats); return 0; }

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.