From: Michael Roth
Subject: [Qemu-devel] [PATCH 027/108] block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file.
Date: Wed, 6 Aug 2014 15:38:37 -0500
From: Benoît Canet <address@hidden>

In 1.7.1 qcow2_create2 reopens the file for flushing without the
BDRV_O_NO_BACKING flag.

As a consequence the code would recursively open the whole backing chain.

These three stack arrays would pile up through the recursion and lead to a
coroutine stack overflow.

Convert these arrays to malloced buffers in order to streamline the coroutine
footprint.

Symptoms were freezes or segfaults on production machines while taking QMP
external snapshots. The overflow disturbed coroutine switching.

[Resolved conflicts on qemu.git/master since the patch was against v1.7.1
--Stefan]
Signed-off-by: Benoit Canet <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 1ba4b6a553ad9ff4645af7fab8adfc6e810fcc69)
Signed-off-by: Michael Roth <address@hidden>
---
block.c | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/block.c b/block.c
index 990a754..e3ba203 100644
--- a/block.c
+++ b/block.c
@@ -1058,14 +1058,14 @@ fail:
*/
int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp)
{
- char backing_filename[PATH_MAX];
- int back_flags, ret;
+ char *backing_filename = g_malloc0(PATH_MAX);
+ int back_flags, ret = 0;
BlockDriver *back_drv = NULL;
Error *local_err = NULL;
if (bs->backing_hd != NULL) {
QDECREF(options);
- return 0;
+ goto free_exit;
}
/* NULL means an empty set of options */
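Review bot: `g_malloc0(PATH_MAX)` in the initializer of `backing_filename` runs before the `bs->backing_hd != NULL` check, so the already-open case now allocates, zeroes and frees a PATH_MAX buffer only to return 0. Consider `char *backing_filename = NULL;` at the declaration and allocating after the early exits; `g_free(NULL)` is a no-op, so `free_exit` still covers those paths.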
@@ -1078,10 +1078,9 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict
*options, Error **errp)
backing_filename[0] = '\0';
} else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
QDECREF(options);
- return 0;
+ goto free_exit;
} else {
- bdrv_get_full_backing_filename(bs, backing_filename,
- sizeof(backing_filename));
+ bdrv_get_full_backing_filename(bs, backing_filename, PATH_MAX);
}
if (bs->backing_format[0] != '\0') {
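Review bot: The bound passed to `bdrv_get_full_backing_filename` is now a second, hand-written copy of the `PATH_MAX` used in the `g_malloc0` call, where `sizeof(backing_filename)` used to follow the buffer automatically. Dropping `sizeof` is required once the variable is a pointer, but a single local holding the length, used for both the allocation and this call, would keep the two from drifting apart in a later edit.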
@@ -1102,7 +1101,7 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict
*options, Error **errp)
error_setg(errp, "Could not open backing file: %s",
error_get_pretty(local_err));
error_free(local_err);
- return ret;
+ goto free_exit;
}
if (bs->backing_hd->file) {
@@ -1113,7 +1112,9 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict
*options, Error **errp)
/* Recalculate the BlockLimits with the backing file */
bdrv_refresh_limits(bs);
- return 0;
+free_exit:
+ g_free(backing_filename);
+ return ret;
}
/*
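Review bot: The success path at the end of `bdrv_open_backing_file` used to `return 0;` and now falls through `free_exit` into `return ret;`, so the value returned on success is whatever was last stored in `ret`. The `ret = 0` initializer only covers the early `goto free_exit` exits. An explicit `ret = 0;` just before the label would keep the old contract visible and independent of what the earlier calls return on success.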
@@ -1170,8 +1171,7 @@ done:
void bdrv_append_temp_snapshot(BlockDriverState *bs, Error **errp)
{
/* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
- char tmp_filename[PATH_MAX + 1];
-
+ char *tmp_filename = g_malloc0(PATH_MAX + 1);
int64_t total_size;
BlockDriver *bdrv_qcow2;
QEMUOptionParameter *create_options;
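Review bot: The commit message speaks of three stack arrays, but `tmp_filename` here and `backing_filename` in `bdrv_open_backing_file` are the only two converted in this diff. The message should either say two for this version of the patch or name the third array, so that someone auditing the coroutine stack footprint can tell nothing was lost in conflict resolution.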
@@ -1187,15 +1187,15 @@ void bdrv_append_temp_snapshot(BlockDriverState *bs,
Error **errp)
total_size = bdrv_getlength(bs);
if (total_size < 0) {
error_setg_errno(errp, -total_size, "Could not get image size");
- return;
+ goto out;
}
total_size &= BDRV_SECTOR_MASK;
/* Create the temporary image */
- ret = get_tmp_filename(tmp_filename, sizeof(tmp_filename));
+ ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not get temporary filename");
- return;
+ goto out;
}
bdrv_qcow2 = bdrv_find_format("qcow2");
@@ -1211,7 +1211,7 @@ void bdrv_append_temp_snapshot(BlockDriverState *bs,
Error **errp)
"'%s': %s", tmp_filename,
error_get_pretty(local_err));
error_free(local_err);
- return;
+ goto out;
}
/* Prepare a new options QDict for the temporary file */
@@ -1228,10 +1228,13 @@ void bdrv_append_temp_snapshot(BlockDriverState *bs,
Error **errp)
bs->open_flags & ~BDRV_O_SNAPSHOT, bdrv_qcow2, &local_err);
if (ret < 0) {
error_propagate(errp, local_err);
- return;
+ goto out;
}
bdrv_append(bs_snapshot, bs);
+
+out:
+ g_free(tmp_filename);
}
/*
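Review bot: The cleanup label in `bdrv_append_temp_snapshot` is `out`, while the identical free-on-exit pattern in `bdrv_open_backing_file` uses `free_exit`. Using one label name for both would make the two functions read alike and make it easier to check that every former `return` now reaches the `g_free`.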
--
1.9.1
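
The stack cost the commit message describes, measured in a small added example (not QEMU code and not part of the patch). The function names, the `remaining` depth counter and the file names are hypothetical, and `calloc`/`abort` stand in for `g_malloc0`, which aborts on allocation failure.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

static uintptr_t innermost; /* address of a local in the deepest frame reached */

/* "Before" shape: every level of the chain keeps a PATH_MAX array in its frame. */
__attribute__((noinline)) static int open_chain_stack(int remaining)
{
    char filename[PATH_MAX];
    if (remaining == 0) return 0;
    snprintf(filename, sizeof(filename), "backing-%d.qcow2", remaining);
    innermost = (uintptr_t)filename;
    int opened = open_chain_stack(remaining - 1);
    return opened + (filename[0] != '\0'); /* buffer stays live across the call */
}

/* "After" shape: the frame holds only a pointer and one exit path frees it. */
__attribute__((noinline)) static int open_chain_heap(int remaining)
{
    char *filename;
    if (remaining == 0) return 0;
    filename = calloc(1, PATH_MAX);
    if (!filename) abort();
    snprintf(filename, PATH_MAX, "backing-%d.qcow2", remaining);
    innermost = (uintptr_t)&filename;
    int opened = open_chain_heap(remaining - 1) + (filename[0] != '\0');
    free(filename);
    return opened;
}

/* Stack bytes consumed per level while fn recurses through `depth` images. */
static size_t stack_per_level(int (*fn)(int), int depth)
{
    char top; /* marks the caller's stack position */
    uintptr_t t = (uintptr_t)&top;
    if (fn(depth) != depth) return 0;
    return (size_t)(t > innermost ? t - innermost : innermost - t) / (size_t)depth;
}

int main(void)
{
    printf("stack arrays: %zu bytes/level, heap buffers: %zu bytes/level\n",
           stack_per_level(open_chain_stack, 32), stack_per_level(open_chain_heap, 32));
    return 0;
}
```

Dividing a coroutine's fixed stack size by the first figure gives the backing-chain depth at which the pre-patch shape runs off the end of the stack.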