[Qemu-devel] Crash when deleting an iothread that is being used
From: Alberto Garcia
Subject: [Qemu-devel] Crash when deleting an iothread that is being used
Date: Tue, 15 Jan 2019 15:29:42 +0200
User-agent: NeoMutt/20170113 (1.7.2)

Here's how to reproduce the crash:

{ "execute": "qmp_capabilities" }
{ "execute": "blockdev-add", "arguments": {"driver": "null-co", "node-name": "hd0"}}
{ "execute": "object-add", "arguments": {"qom-type": "iothread", "id": "iothread0"}}
{ "execute": "x-blockdev-set-iothread", "arguments": {"node-name": "hd0", "iothread": "iothread0"}}
{ "execute": "object-del", "arguments": {"id": "iothread0"}}
{ "execute": "blockdev-del", "arguments": {"node-name": "hd0"}}

The problem is that bs->aio_context is the one that belonged to the
IOThread and was destroyed by the object-del call. One would need to
do x-blockdev-set-iothread(hd0, null) before deleting the thread.

The IOThread class does not have a can_be_deleted() method to prevent
threads from being deleted. One possible implementation would require
a reference count but that doesn't seem immediately trivial because
users don't use the IOThread itself but its AioContext, and not all
bdrv_set_aio_context() are related to IOThreads.

A quicker fix is of course to prevent the threads from being deleted
at all :-)

Berto
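
Added example, not part of the original message and not QEMU code: a toy C model of the can_be_deleted() check the message describes, with the user count kept on the context rather than on the thread, and a main context that no thread owns. Every type and function name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Toy model; every name here is hypothetical, none of it is QEMU code. */
typedef struct Ctx { int users; } Ctx;       /* stands in for AioContext */
typedef struct Thread { Ctx *ctx; } Thread;  /* stands in for IOThread */
typedef struct Node { Ctx *ctx; } Node;      /* stands in for a block node */
static Ctx main_ctx;  /* default context: owned by no thread, never freed */

Thread *thread_new(void) {
    Thread *t = calloc(1, sizeof(*t));
    Ctx *c = calloc(1, sizeof(*c));
    if (!t || !c) abort();
    t->ctx = c;
    return t;
}

/* Move a node to a context, keeping user counts accurate (NULL = main). */
void node_set_ctx(Node *n, Ctx *ctx) {
    if (!ctx) ctx = &main_ctx;
    if (n->ctx) n->ctx->users--;
    n->ctx = ctx;
    ctx->users++;
}

/* Deletable only while no node still points at the thread's context. */
bool thread_can_be_deleted(const Thread *t) { return t->ctx->users == 0; }

/* Returns 0 and frees the thread, or -1 and leaves it untouched. */
int thread_del(Thread **tp) {
    if (!thread_can_be_deleted(*tp)) return -1;
    free((*tp)->ctx);
    free(*tp);
    *tp = NULL;
    return 0;
}

/* Replays the message's command order against the model.
 * Bit 0: delete refused while in use; bit 1: delete succeeded after detach. */
int replay(void) {
    Node hd0 = { NULL };
    Thread *t = thread_new();
    int r = 0;
    node_set_ctx(&hd0, t->ctx);            /* x-blockdev-set-iothread */
    if (thread_del(&t) == -1) r |= 1;      /* object-del, node attached */
    node_set_ctx(&hd0, NULL);              /* set-iothread(hd0, null) */
    if (thread_del(&t) == 0 && !t) r |= 2; /* object-del, now safe */
    main_ctx.users--;                      /* blockdev-del drops hd0 */
    return r;
}
int main(void) { printf("replay() = %d\n", replay()); return 0; }
```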