Re: [Qemu-devel] [PATCH 08/10] iscsi: Fix NULL dereferences / races betw

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 08/10] iscsi: Fix NULL dereferences / races betw

From:	Paolo Bonzini
Subject:	Re: [Qemu-devel] [PATCH 08/10] iscsi: Fix NULL dereferences / races between task completion and abort
Date:	Sat, 18 Aug 2012 21:21:11 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0

Il 15/08/2012 15:56, Kevin Wolf ha scritto:
> @@ -76,6 +76,10 @@ static void
>  iscsi_abort_task_cb(struct iscsi_context *iscsi, int status, void 
> *command_data,
>                      void *private_data)
>  {
> +    IscsiAIOCB *acb = (IscsiAIOCB *)private_data;
> +
> +    scsi_free_scsi_task(acb->task);
> +    acb->task = NULL;
>  }
>  
>  static void
> @@ -84,15 +88,15 @@ iscsi_aio_cancel(BlockDriverAIOCB *blockacb)
>      IscsiAIOCB *acb = (IscsiAIOCB *)blockacb;
>      IscsiLun *iscsilun = acb->iscsilun;
>  
> -    acb->common.cb(acb->common.opaque, -ECANCELED);
>      acb->canceled = 1;
>  
> -    /* send a task mgmt call to the target to cancel the task on the target 
> */
> -    iscsi_task_mgmt_abort_task_async(iscsilun->iscsi, acb->task,
> -                                     iscsi_abort_task_cb, NULL);
> +    acb->common.cb(acb->common.opaque, -ECANCELED);
>  
> -    /* then also cancel the task locally in libiscsi */
> -    iscsi_scsi_task_cancel(iscsilun->iscsi, acb->task);
> +    /* send a task mgmt call to the target to cancel the task on the target
> +     * this also cancels the task in libiscsi
> +     */
> +    iscsi_task_mgmt_abort_task_async(iscsilun->iscsi, acb->task,
> +                                     iscsi_abort_task_cb, &acb);

This is definitely a step forward, but iscsi_aio_cancel should actually
be synchronous.  Otherwise the target could write the data between the
callback and the sending of the TMF.  I'll send a patch for testing on
Monday.

Paolo

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 03/10] block: Prevent detection of /dev/fdset/ as floppy, (continued)
- [Qemu-devel] [PATCH 03/10] block: Prevent detection of /dev/fdset/ as floppy, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 02/10] qapi: Introduce add-fd, remove-fd, query-fdsets, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 04/10] block: Convert open calls to qemu_open, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 05/10] block: Convert close calls to qemu_close, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 06/10] block: Enable qemu_open/close to work with fd sets, Kevin Wolf, 2012/08/15
  - Re: [Qemu-devel] [PATCH 06/10] block: Enable qemu_open/close to work with fd sets, Peter Maydell, 2012/08/15
- [Qemu-devel] [PATCH 07/10] monitor: Clean up fd sets on monitor disconnect, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 09/10] block: Flush parent to OS with cache=unsafe, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 10/10] qemu-iotests: Fix 030 after switch to GenericError, Kevin Wolf, 2012/08/15
- [Qemu-devel] [PATCH 08/10] iscsi: Fix NULL dereferences / races between task completion and abort, Kevin Wolf, 2012/08/15
  - Re: [Qemu-devel] [PATCH 08/10] iscsi: Fix NULL dereferences / races between task completion and abort, Paolo Bonzini <=
- Re: [Qemu-devel] [PULL 00/10] Block patches, Anthony Liguori, 2012/08/15

Prev by Date: Re: [Qemu-devel] [RFC-v2 3/6] vhost-scsi: add -vhost-scsi host device for use with tcm-vhost
Next by Date: Re: [Qemu-devel] [PATCH] pl190: fix read of VECTADDR
Previous by thread: [Qemu-devel] [PATCH 08/10] iscsi: Fix NULL dereferences / races between task completion and abort
Next by thread: Re: [Qemu-devel] [PULL 00/10] Block patches
Index(es):
- Date
- Thread