From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, pbonzini@redhat.com, stefanha@redhat.com,
	eesposit@redhat.com, qemu-devel@nongnu.org
Subject: [PATCH 02/23] mirror: Fix access of uninitialised fields during start
Date: Fri,  3 Feb 2023 16:21:41 +0100	[thread overview]
Message-ID: <20230203152202.49054-3-kwolf@redhat.com> (raw)
In-Reply-To: <20230203152202.49054-1-kwolf@redhat.com>

bdrv_mirror_top_pwritev() accesses the job object when active mirroring
is enabled. It disables this code during early initialisation while
s->job isn't set yet.

However, s->job is still set way too early when the job object isn't
fully initialised. For example, &s->ops_in_flight isn't initialised yet
and the in_flight bitmap doesn't exist yet. This causes crashes when a
write request comes in too early.

Move the assignment of s->job to when the mirror job is actually fully
initialised to make sure that the mirror_top driver doesn't access it
too early.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/mirror.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/mirror.c b/block/mirror.c
index ab326b67c9..fbbb4f619e 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -896,6 +896,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
 {
     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common.job);
     BlockDriverState *bs = s->mirror_top_bs->backing->bs;
+    MirrorBDSOpaque *mirror_top_opaque = s->mirror_top_bs->opaque;
     BlockDriverState *target_bs = blk_bs(s->target);
     bool need_drain = true;
     BlockDeviceIoStatus iostatus;
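Review bot: the new mirror_top_opaque local is declared at the top of mirror_run() but its only use is the ->job assignment far below in the second hunk; either move the declaration next to that use or keep it here and accept the distance. Minor style point only, the implicit conversion from the void *opaque is fine.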
@@ -985,6 +986,12 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
         }
     }
 
+    /*
+     * Only now the job is fully initialised and mirror_top_bs should start
+     * accessing it.
+     */
+    mirror_top_opaque->job = s;
+
     assert(!s->dbi);
     s->dbi = bdrv_dirty_iter_new(s->dirty_bitmap);
     for (;;) {
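Review bot: consider an `assert(!mirror_top_opaque->job);` immediately before `mirror_top_opaque->job = s;`, in the same style as the `assert(!s->dbi);` that follows, so that a second pass through this point with the pointer already published is caught rather than silently re-pointed. The comment could also state explicitly that any early exit from mirror_run() above this line leaves ->job NULL, so bdrv_mirror_top_pwritev() stays in its pass-through mode for requests that arrive before the job is fully set up, since that is the behaviour the commit message relies on.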
@@ -1704,7 +1711,6 @@ static BlockJob *mirror_start_job(
     if (!s) {
         goto fail;
     }
-    bs_opaque->job = s;
 
     /* The block job now has a reference to this node */
     bdrv_unref(mirror_top_bs);
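Review bot: with `bs_opaque->job = s;` removed, check that bs_opaque still has another use in mirror_start_job(); if this was its last remaining use the local is now unused and will trigger -Wunused-variable. If the `fail:` path clears bs_opaque->job, it now runs with the field never having been set, which is the intended state but worth a glance.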
-- 
2.38.1


