From: Kevin Wolf
Subject: [Qemu-devel] [PULL 57/61] fix: avoid an infinite loop or a dangling pointer problem in img_commit
Date: Fri, 23 Jun 2017 18:21:55 +0200
From: "sochin.jiang" <address@hidden>
img_commit could fall into an infinite loop calling run_block_job() if
its blockjob fails on any I/O error; fix this already known problem.
Signed-off-by: sochin.jiang <address@hidden>
Message-id: address@hidden
Signed-off-by: Max Reitz <address@hidden>
---
blockjob.c | 4 ++--
include/block/blockjob.h | 18 ++++++++++++++++++
qemu-img.c | 20 +++++++++++++-------
3 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/blockjob.c b/blockjob.c
index a0d7e29..70a7818 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -139,7 +139,7 @@ static void block_job_resume(BlockJob *job)
block_job_enter(job);
}
-static void block_job_ref(BlockJob *job)
+void block_job_ref(BlockJob *job)
{
++job->refcnt;
}
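Review bot: block_job_ref() becomes part of the public block job API here, but `++job->refcnt` is a plain, non-atomic increment, so the exported function is only safe when the caller holds the job's AioContext (run_block_job() in this series does aio_context_acquire() before calling it). State that requirement in the new header comment so that callers outside blockjob.c do not treat the function as thread-safe on its own.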
@@ -148,7 +148,7 @@ static void block_job_attached_aio_context(AioContext
*new_context,
void *opaque);
static void block_job_detach_aio_context(void *opaque);
-static void block_job_unref(BlockJob *job)
+void block_job_unref(BlockJob *job)
{
if (--job->refcnt == 0) {
BlockDriverState *bs = blk_bs(job->blk);
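Review bot: once exported, block_job_unref() can free the job on the last reference (the `--job->refcnt == 0` path continues into the cleanup starting with `blk_bs(job->blk)`), so external callers must read any job state they still need, such as job->ret, before the call and must release the AioContext only afterwards. The new qemu-img caller gets this ordering right, but the header documentation should say so explicitly, since the behaviour was previously an internal invariant of blockjob.c.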
diff --git a/include/block/blockjob.h b/include/block/blockjob.h
index 09c7c69..67c0968 100644
--- a/include/block/blockjob.h
+++ b/include/block/blockjob.h
@@ -321,6 +321,24 @@ void block_job_iostatus_reset(BlockJob *job);
BlockJobTxn *block_job_txn_new(void);
/**
+ * block_job_ref:
+ *
+ * Add a reference to BlockJob refcnt, it will be decreased with
+ * block_job_unref, and then be freed if it comes to be the last
+ * reference.
+ */
+void block_job_ref(BlockJob *job);
+
+/**
+ * block_job_unref:
+ *
+ * Release a reference that was previously acquired with block_job_ref
+ * or block_job_create. If it's the last reference to the object, it will be
+ * freed.
+ */
+void block_job_unref(BlockJob *job);
+
+/**
* block_job_txn_unref:
*
* Release a reference that was previously acquired with block_job_txn_add_job
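Review bot: the block_job_ref comment reads awkwardly ("Add a reference to BlockJob refcnt, it will be decreased with block_job_unref, and then be freed if it comes to be the last reference"); suggest "Increment the job's reference count. The reference is dropped with block_job_unref(), and the job is freed when the last reference goes away." Both comments should also mention that the job's AioContext must be held, since the counter is not atomic, and the block_job_unref comment should warn that the job must not be accessed after the call returns.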
diff --git a/qemu-img.c b/qemu-img.c
index 0ad698d..e70d515 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -887,22 +887,28 @@ static void common_block_job_cb(void *opaque, int ret)
static void run_block_job(BlockJob *job, Error **errp)
{
AioContext *aio_context = blk_get_aio_context(job->blk);
+ int ret = 0;
- /* FIXME In error cases, the job simply goes away and we access a dangling
- * pointer below. */
aio_context_acquire(aio_context);
+ block_job_ref(job);
do {
aio_poll(aio_context, true);
qemu_progress_print(job->len ?
((float)job->offset / job->len * 100.f) : 0.0f, 0);
- } while (!job->ready);
+ } while (!job->ready && !job->completed);
- block_job_complete_sync(job, errp);
+ if (!job->completed) {
+ ret = block_job_complete_sync(job, errp);
+ } else {
+ ret = job->ret;
+ }
+ block_job_unref(job);
aio_context_release(aio_context);
- /* A block job may finish instantaneously without publishing any progress,
- * so just signal completion here */
- qemu_progress_print(100.f, 0);
+ /* publish completion progress only when success */
+ if (!ret) {
+ qemu_progress_print(100.f, 0);
+ }
}
static int img_commit(int argc, char **argv)
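Review bot: in the `job->completed` branch, `ret = job->ret` captures the failure but errp is left untouched, while the other branch reports through `block_job_complete_sync(job, errp)`; since run_block_job() returns void and ret is only used to gate the final qemu_progress_print(), the caller only learns about an I/O failure if the job's completion callback (common_block_job_cb(), named in the hunk header but not shown here) reports it separately. Either set the error in the else branch, e.g. `error_setg_errno(errp, -ret, "Block job failed")`, or return ret from run_block_job(), and add a comment pointing at whichever path is responsible for reporting the failure. The rest of the hunk is correct: the loop now exits on completion, job->ret is read while the reference is still held, and block_job_unref() runs before aio_context_release().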
--
1.8.3.1
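To make the two failure modes the patch fixes concrete, here is an added, self-contained C model of the run_block_job() wait loop. It is constructed example code, not QEMU's BlockJob implementation: the `Job` struct, `poll_once()` and `job_complete_sync()` are simplified stand-ins for BlockJob, aio_poll() and block_job_complete_sync(), and the job's self-unref on completion mirrors the "job simply goes away" behaviour the removed FIXME described. `wait_ready_only()` keeps the old loop condition (checking only `ready`) but holds a reference and a poll cap so it can be run safely; `run_job()` is the patched shape. A live-object counter checks that neither path leaks or double-frees the job.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Simulated block job (example only; not QEMU's BlockJob). */
typedef struct Job {
    int refcnt;         /* starts at 1: the reference the job holds on itself */
    bool ready;         /* job reached the point where it can be completed */
    bool completed;     /* job finished (ok or failed) and dropped its own ref */
    int ret;            /* completion status: 0 or -errno */
    int step;           /* progress counter */
    int steps_to_ready; /* steps of progress needed before ready */
    int fail_at_step;   /* step at which a simulated I/O error hits; -1 = never */
} Job;

static int jobs_alive;  /* allocated minus freed: detects leaks and double frees */

static Job *job_create(int steps_to_ready, int fail_at_step)
{
    Job *job = calloc(1, sizeof(*job));
    if (!job) abort();
    job->refcnt = 1;
    job->steps_to_ready = steps_to_ready;
    job->fail_at_step = fail_at_step;
    jobs_alive++;
    return job;
}

static void job_ref(Job *job) { ++job->refcnt; }

static void job_unref(Job *job)
{
    if (--job->refcnt == 0) {
        jobs_alive--;
        free(job);      /* last reference: the job is gone after this */
    }
}

/* Job finishes: record status, mark completed, drop its own reference.
 * Only other holders' references keep the memory alive afterwards. */
static void job_finish(Job *job, int ret)
{
    job->ret = ret;
    job->completed = true;
    job_unref(job);
}

/* One event-loop iteration (stand-in for aio_poll): one step of progress,
 * or the simulated I/O error, which finishes the job with -EIO. */
static void poll_once(Job *job)
{
    if (job->completed || job->ready) return;
    if (job->step == job->fail_at_step) {
        job_finish(job, -EIO);
        return;
    }
    if (++job->step >= job->steps_to_ready) job->ready = true;
}

/* Stand-in for block_job_complete_sync(): finish a ready job successfully. */
static int job_complete_sync(Job *job)
{
    job_finish(job, 0);
    return 0;
}

/* Old loop condition (ready only). The reference makes it safe to run here,
 * and max_polls bounds it. Returns polls taken, or -1 if the cap was hit,
 * i.e. the real loop would have spun forever on a failed job. */
static int wait_ready_only(Job *job, int max_polls)
{
    int polls = 0;
    job_ref(job);
    do {
        poll_once(job);
        polls++;
    } while (!job->ready && polls < max_polls);
    int result = job->ready ? polls : -1;
    if (job->ready) job_complete_sync(job);
    job_unref(job);
    return result;
}

/* Patched shape: hold a reference, leave on ready OR completed, read
 * job->ret before the unref that may free the job. Returns 0 or -errno. */
static int run_job(Job *job)
{
    int ret;
    job_ref(job);
    do {
        poll_once(job);
    } while (!job->ready && !job->completed);
    if (!job->completed) {
        ret = job_complete_sync(job);
    } else {
        ret = job->ret;   /* still safe: we hold a reference */
    }
    job_unref(job);       /* may free the job: no access past this point */
    return ret;
}

static int run_scenario(int steps_to_ready, int fail_at_step)
{
    return run_job(job_create(steps_to_ready, fail_at_step));
}

static int spin_scenario(int steps_to_ready, int fail_at_step, int max_polls)
{
    return wait_ready_only(job_create(steps_to_ready, fail_at_step), max_polls);
}

int main(void)
{
    int ret = run_scenario(3, -1);
    printf("success path: ret=%d jobs_alive=%d\n", ret, jobs_alive);
    ret = run_scenario(3, 1);
    printf("I/O error path: ret=%d (-EIO=%d) jobs_alive=%d\n", ret, -EIO, jobs_alive);
    ret = spin_scenario(3, 1, 100);
    printf("ready-only loop on failing job: %d (-1 = hit poll cap)\n", ret);
    return 0;
}
```

The point of the model is the pair of conditions in `run_job()`: the reference is what makes reading `job->ret` after a failure safe, and the `completed` check is what stops the loop from waiting for a `ready` that a failed job will never set. Dropping either one brings back one of the two bugs the patch names.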