[Stable-8.2.3 27/87] mirror: Don't call job_pause

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Stable-8.2.3 27/87] mirror: Don't call job_pause_point() under graph lo

From:	Michael Tokarev
Subject:	[Stable-8.2.3 27/87] mirror: Don't call job_pause_point() under graph lock
Date:	Wed, 10 Apr 2024 10:22:00 +0300

From: Kevin Wolf <kwolf@redhat.com>

Calling job_pause_point() while holding the graph reader lock
potentially results in a deadlock: bdrv_graph_wrlock() first drains
everything, including the mirror job, which pauses it. The job is only
unpaused at the end of the drain section, which is when the graph writer
lock has been successfully taken. However, if the job happens to be
paused at a pause point where it still holds the reader lock, the writer
lock can't be taken as long as the job is still paused.

Mark job_pause_point() as GRAPH_UNLOCKED and fix mirror accordingly.

Cc: qemu-stable@nongnu.org
Buglink: https://issues.redhat.com/browse/RHEL-28125
Fixes: 004915a96a7a ("block: Protect bs->backing with graph_lock")
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20240313153000.33121-1-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit ae5a40e8581185654a667fbbf7e4adbc2a2a3e45)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/block/mirror.c b/block/mirror.c
index cd9d3ad4a8..abbddb39e4 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -479,9 +479,9 @@ static unsigned mirror_perform(MirrorBlockJob *s, int64_t 
offset,
     return bytes_handled;
 }
 
-static void coroutine_fn GRAPH_RDLOCK mirror_iteration(MirrorBlockJob *s)
+static void coroutine_fn GRAPH_UNLOCKED mirror_iteration(MirrorBlockJob *s)
 {
-    BlockDriverState *source = s->mirror_top_bs->backing->bs;
+    BlockDriverState *source;
     MirrorOp *pseudo_op;
     int64_t offset;
     /* At least the first dirty chunk is mirrored in one iteration. */
@@ -489,6 +489,10 @@ static void coroutine_fn GRAPH_RDLOCK 
mirror_iteration(MirrorBlockJob *s)
     bool write_zeroes_ok = bdrv_can_write_zeroes_with_unmap(blk_bs(s->target));
     int max_io_bytes = MAX(s->buf_size / MAX_IN_FLIGHT, MAX_IO_BYTES);
 
+    bdrv_graph_co_rdlock();
+    source = s->mirror_top_bs->backing->bs;
+    bdrv_graph_co_rdunlock();
+
     bdrv_dirty_bitmap_lock(s->dirty_bitmap);
     offset = bdrv_dirty_iter_next(s->dbi);
     if (offset < 0) {
@@ -1078,9 +1082,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
                 mirror_wait_for_free_in_flight_slot(s);
                 continue;
             } else if (cnt != 0) {
-                bdrv_graph_co_rdlock();
                 mirror_iteration(s);
-                bdrv_graph_co_rdunlock();
             }
         }
 
diff --git a/include/qemu/job.h b/include/qemu/job.h
index e502787dd8..b4bc2e174b 100644
--- a/include/qemu/job.h
+++ b/include/qemu/job.h
@@ -503,7 +503,7 @@ void job_enter(Job *job);
  *
  * Called with job_mutex *not* held.
  */
-void coroutine_fn job_pause_point(Job *job);
+void coroutine_fn GRAPH_UNLOCKED job_pause_point(Job *job);
 
 /**
  * @job: The job that calls the function.
-- 
2.39.2

[Prev in Thread]

Current Thread

[Next in Thread]

[Stable-8.2.3 18/87] hw/nvme: separate 'serial' property for VFs, (continued)
- [Stable-8.2.3 18/87] hw/nvme: separate 'serial' property for VFs, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 22/87] hw/nvme: Use pcie_sriov_num_vfs(), Michael Tokarev, 2024/04/10
- [Stable-8.2.3 25/87] hw/audio/virtio-sound: return correct command response size, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 21/87] hw/nvme: add machine compatibility parameter to enable msix exclusive bar, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 23/87] pcie_sriov: Validate NumVFs, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 24/87] hmat acpi: Fix out of bounds access due to missing use of indirection, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 26/87] migration: Skip only empty block devices, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 30/87] nbd/server: Fix race in draining the export, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 29/87] nbd/server: introduce NBDClient->lock to protect fields, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 31/87] iotests: Add test for reset/AioContext switches with NBD exports, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 27/87] mirror: Don't call job_pause_point() under graph lock, Michael Tokarev <=
- [Stable-8.2.3 28/87] nbd/server: only traverse NBDExport->clients from main loop thread, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 37/87] target/i386: fix direction of "32-bit MMU" test, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 32/87] tests/unit: Bump test-aio-multithread test timeout to 2 minutes, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 34/87] tests/unit: Bump test-replication timeout to 60 seconds, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 36/87] target/i386: use separate MMU indexes for 32-bit accesses, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 35/87] target/i386: introduce function to query MMU indices, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 33/87] tests/unit: Bump test-crypto-block test timeout to 5 minutes, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 38/87] Revert "chardev/char-socket: Fix TLS io channels sending too much data to the backend", Michael Tokarev, 2024/04/10
- [Stable-8.2.3 39/87] ui: compile dbus-display1.c with -fPIC as necessary, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 42/87] target/hppa: Fix assemble_11a insns for wide mode, Michael Tokarev, 2024/04/10

Prev by Date: [Stable-8.2.3 31/87] iotests: Add test for reset/AioContext switches with NBD exports
Next by Date: [Stable-8.2.3 28/87] nbd/server: only traverse NBDExport->clients from main loop thread
Previous by thread: [Stable-8.2.3 31/87] iotests: Add test for reset/AioContext switches with NBD exports
Next by thread: [Stable-8.2.3 28/87] nbd/server: only traverse NBDExport->clients from main loop thread
Index(es):
- Date
- Thread