[Qemu-block] [PULL 13/16] blockjob: update nodes head while removing all
From: Max Reitz
Subject: [Qemu-block] [PULL 13/16] blockjob: update nodes head while removing all bdrv
Date: Mon, 16 Sep 2019 16:22:43 +0200
From: Sergio Lopez <address@hidden>
block_job_remove_all_bdrv() iterates through job->nodes, calling
bdrv_root_unref_child() for each entry. The call to the latter may
reach child_job_[can_]set_aio_ctx(), which will also attempt to
traverse job->nodes, potentially finding entries that were freed
on previous iterations.
To avoid this situation, update job->nodes head on each iteration to
ensure that already freed entries are no longer linked to the list.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1746631
Signed-off-by: Sergio Lopez <address@hidden>
Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Sergio Lopez <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
---
blockjob.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/blockjob.c b/blockjob.c
index 2abed0f551..c6e20e2fcd 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -175,14 +175,23 @@ static const BdrvChildRole child_job = {
void block_job_remove_all_bdrv(BlockJob *job)
{
- GSList *l;
- for (l = job->nodes; l; l = l->next) {
+ /*
+ * bdrv_root_unref_child() may reach child_job_[can_]set_aio_ctx(),
+ * which will also traverse job->nodes, so consume the list one by
+ * one to make sure that such a concurrent access does not attempt
+ * to process an already freed BdrvChild.
+ */
+ while (job->nodes) {
+ GSList *l = job->nodes;
BdrvChild *c = l->data;
+
+ job->nodes = l->next;
+
bdrv_op_unblock_all(c->bs, job->blocker);
bdrv_root_unref_child(c);
+
+ g_slist_free_1(l);
}
- g_slist_free(job->nodes);
- job->nodes = NULL;
}
bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs)
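Review bot: The new comment above `while (job->nodes)` calls the second traversal "a concurrent access", but as the commit message describes it, the traversal is a nested call reached from bdrv_root_unref_child() inside the same loop iteration, so "nested" or "reentrant" would be more accurate and would not suggest that a lock is missing. The comment should also say that the fix depends on ordering: `job->nodes = l->next;` has to stay ahead of `bdrv_root_unref_child(c);`, otherwise a later cleanup that moves the head update to the end of the loop body would reintroduce the walk over an already freed BdrvChild. One consequence deserves a sentence as well: because the head is advanced first, the child being released is no longer reachable through job->nodes during the nested call, so child_job_[can_]set_aio_ctx() will not see it.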
--
2.21.0