socket: fixing possible mixed up response with events #210

rouming · 2023-11-08T08:13:40Z

Patch drains possible events on qmp socket until true "qmp_capabilities" response is received.

This targets a nasty and rare problem in "Connect(), Run()" sequence, when asynchronous QEMU "event" just after the "qmp_capabilities" request is accepted as response and further any QMP request gets completed with response from the preceding "qmp_capabilities" response.

The following QMP protocol sequence is possible:

1 read {"QMP": {"version": {"qemu": {"micro": 0, "minor": 1, "major": 5}, ...}"
2 write {"execute":"qmp_capabilities"}
3 read {"timestamp": {"seconds": xxx, "microseconds": xxx}, "event": "any"}
4 read {"return": {}}

the 3. is unexpected by the current Connect() implementation and "event" is considered as a proper response on "qmp_capabilities", in other turn 4. is read in the go.mos.listen() and immediately pushed to the stream channel, so any further QMP command (Run() call) will be immediately completed by an empty response from line 4.

The described problem of unexpected empty response line was observed on this code qmp.SocketMonitor sequence:

Connect()
Run('{"execute":"query-status"}') <<< Returns empty response
Disconnect()

The problem is very rare and was observed ~5 times on different machines over a fairly long period of time (several months), which corresponds to nature of the described rare protocol race.

The current patch was tested on modified QEMU, where an aritifical sleep() was introduced in the qmp_marshal_qmp_capabilities() call just right after the qmp_qmp_capabilities() was invoked, so all further events can be accepted by the QMP socket:

 --- qapi/qapi-commands-control.c        2023-11-08 08:55:16.209007741 +0100
 +++ qapi/qapi-commands-control.c.orig   2023-11-08 08:55:13.929005997 +0100
 @@ -42,10 +42,6 @@

      qmp_qmp_capabilities(arg.has_enable, arg.enable, &err);

 +    printf(">>> BEFORE SLEEP 10\n");
 +    sleep(10);
 +    printf(">>> AFTER SLEEP 10\n");
 +
      error_propagate(errp, err);

  out:

Any QMP event can be freely received by the QMP client, while the execution flow of the qmp_marshal_qmp_capabilities() was interrupted or scheduled out.

The fix of the described is simple: read from the QMP socket until response is received and drop all possible events.

Patch drains possible events on qmp socket until true "qmp_capabilities" response is received. This targets a nasty and rare problem in "Connect(), Run()" sequence, when asynchronous QEMU "event" just after the "qmp_capabilities" request is accepted as response and further any QMP request gets completed with response from the preceding "qmp_capabilities" response. The following QMP protocol sequence is possible: 1 read {"QMP": {"version": {"qemu": {"micro": 0, "minor": 1, "major": 5}, ...}" 2 write {"execute":"qmp_capabilities"} 3 read {"timestamp": {"seconds": xxx, "microseconds": xxx}, "event": "..."} 4 read {"return": {}} the 3. is unexpected by the current Connect() implementation and "event" is considered as a proper response on "qmp_capabilities", in other turn 4. is read in the go.mos.listen() and immediately pushed to the stream channel, so any further QMP command (Run() call) will be immediately completed by an empty response from line 4. The described problem of unexpected empty response line was observed on this code qmp.SocketMonitor sequence: Connect() Run('{"execute":"query-status"}') <<< Returns empty response Disconnect() The problem is very rare and was observed ~5 times on different machines over a fairly long period of time (several months), which corresponds to nature of the described rare protocol race. The current patch was tested on modified QEMU, where an aritifical sleep() was introduced in the qmp_marshal_qmp_capabilities() call just right after the qmp_qmp_capabilities() was invoked, so all further events can be accepted by the QMP socket: --- qapi/qapi-commands-control.c 2023-11-08 08:55:16.209007741 +0100 +++ qapi/qapi-commands-control.c.orig 2023-11-08 08:55:13.929005997 +0100 @@ -42,10 +42,6 @@ qmp_qmp_capabilities(arg.has_enable, arg.enable, &err); + printf(">>> BEFORE SLEEP 10\n"); + sleep(10); + printf(">>> AFTER SLEEP 10\n"); + error_propagate(errp, err); out: Any QMP event can be freely received by the QMP client, while the execution flow of the qmp_marshal_qmp_capabilities() was interrupted or scheduled out. The fix of the described is simple: read from the QMP socket until response is received and drop all possible events. Signed-off-by: Roman Penyaev <[email protected]>

QEMU status is very crucial to EVE and any error or unexpected status leads to QEMU process is being stopped. There is an issue in the 3rd QMP library: digitalocean/go-qemu#210 And in order to be on a safe side and avoid these kind of problems in the future repeat status qeury several times. Signed-off-by: Roman Penyaev <[email protected]>

rouming requested a review from a team as a code owner November 8, 2023 08:13

rouming mentioned this pull request Nov 8, 2023

vendor/go-qemu: fixing possible mixed up response with events lf-edge/eve#3568

Merged

rouming force-pushed the master branch from 3173ca2 to 75f8117 Compare November 8, 2023 08:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

socket: fixing possible mixed up response with events #210

socket: fixing possible mixed up response with events #210

rouming commented Nov 8, 2023

socket: fixing possible mixed up response with events #210

Are you sure you want to change the base?

socket: fixing possible mixed up response with events #210

Conversation

rouming commented Nov 8, 2023