[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 29/55] blockjob: update nodes head while removing all bdrv
|
From: |
Michael Roth |
|
Subject: |
[PATCH 29/55] blockjob: update nodes head while removing all bdrv |
|
Date: |
Tue, 5 Nov 2019 14:52:17 -0600 |
From: Sergio Lopez <address@hidden>
block_job_remove_all_bdrv() iterates through job->nodes, calling
bdrv_root_unref_child() for each entry. The call to the latter may
reach child_job_[can_]set_aio_ctx(), which will also attempt to
traverse job->nodes, potentially finding entries that where freed
on previous iterations.
To avoid this situation, update job->nodes head on each iteration to
ensure that already freed entries are no longer linked to the list.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1746631
Signed-off-by: Sergio Lopez <address@hidden>
Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Sergio Lopez <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit d876bf676f5e7c6aa9ac64555e48cba8734ecb2f)
Signed-off-by: Michael Roth <address@hidden>
---
blockjob.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/blockjob.c b/blockjob.c
index 20b7f557da..74abb97bfd 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -186,14 +186,23 @@ static const BdrvChildRole child_job = {
void block_job_remove_all_bdrv(BlockJob *job)
{
- GSList *l;
- for (l = job->nodes; l; l = l->next) {
+ /*
+ * bdrv_root_unref_child() may reach child_job_[can_]set_aio_ctx(),
+ * which will also traverse job->nodes, so consume the list one by
+ * one to make sure that such a concurrent access does not attempt
+ * to process an already freed BdrvChild.
+ */
+ while (job->nodes) {
+ GSList *l = job->nodes;
BdrvChild *c = l->data;
+
+ job->nodes = l->next;
+
bdrv_op_unblock_all(c->bs, job->blocker);
bdrv_root_unref_child(c);
+
+ g_slist_free_1(l);
}
- g_slist_free(job->nodes);
- job->nodes = NULL;
}
bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs)
--
2.17.1
- [PATCH 20/55] libvhost-user: fix SLAVE_SEND_FD handling, (continued)
- [PATCH 20/55] libvhost-user: fix SLAVE_SEND_FD handling, Michael Roth, 2019/11/05
- [PATCH 24/55] curl: Keep *socket until the end of curl_sock_cb(), Michael Roth, 2019/11/05
- [PATCH 15/55] iotests: Restrict file Python tests to file, Michael Roth, 2019/11/05
- [PATCH 17/55] iotests: Test blockdev-create for vpc, Michael Roth, 2019/11/05
- [PATCH 26/55] curl: Pass CURLSocket to curl_multi_do(), Michael Roth, 2019/11/05
- [PATCH 28/55] curl: Handle success in multi_check_completion, Michael Roth, 2019/11/05
- [PATCH 32/55] qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation(), Michael Roth, 2019/11/05
- [PATCH 36/55] make-release: pull in edk2 submodules so we can build it from tarballs, Michael Roth, 2019/11/05
- [PATCH 27/55] curl: Report only ready sockets, Michael Roth, 2019/11/05
- [PATCH 30/55] block/qcow2: Fix corruption introduced by commit 8ac0f15f335, Michael Roth, 2019/11/05
- [PATCH 29/55] blockjob: update nodes head while removing all bdrv,
Michael Roth <=
- [PATCH 02/55] Revert "ide/ahci: Check for -ECANCELED in aio callbacks", Michael Roth, 2019/11/05
- [PATCH 22/55] block/nfs: tear down aio before nfs_close, Michael Roth, 2019/11/05
- [PATCH 31/55] coroutine: Add qemu_co_mutex_assert_locked(), Michael Roth, 2019/11/05
- [PATCH 33/55] block/backup: fix max_transfer handling for copy_range, Michael Roth, 2019/11/05
- [PATCH 38/55] s390: PCI: fix IOMMU region init, Michael Roth, 2019/11/05
- [PATCH 35/55] hw/arm/boot.c: Set NSACR.{CP11, CP10} for NS kernel boots, Michael Roth, 2019/11/05
- [PATCH 34/55] block/backup: fix backup_cow_with_offload for last cluster, Michael Roth, 2019/11/05
- [PATCH 39/55] block/snapshot: Restrict set of snapshot nodes, Michael Roth, 2019/11/05
- [PATCH 03/55] s390x/tcg: Fix VERIM with 32/64 bit elements, Michael Roth, 2019/11/05
- [PATCH 43/55] qcow2: Limit total allocation range to INT_MAX, Michael Roth, 2019/11/05