From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [PULL 02/29] mirror: Fix access of uninitialised fields during start
Date: Thu, 23 Feb 2023 19:51:19 +0100
Message-ID: <20230223185146.306454-3-kwolf@redhat.com>
In-Reply-To: <20230223185146.306454-1-kwolf@redhat.com>

bdrv_mirror_top_pwritev() accesses the job object when active mirroring
is enabled. It disables this code during early initialisation while
s->job isn't set yet.

However, s->job is still set way too early when the job object isn't
fully initialised. For example, &s->ops_in_flight isn't initialised yet
and the in_flight bitmap doesn't exist yet. This causes crashes when a
write request comes in too early.

Move the assignment of s->job to when the mirror job is actually fully
initialised to make sure that the mirror_top driver doesn't access it
too early.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230203152202.49054-3-kwolf@redhat.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/mirror.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/mirror.c b/block/mirror.c
index ab326b67c9..fbbb4f619e 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -896,6 +896,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
 {
     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common.job);
     BlockDriverState *bs = s->mirror_top_bs->backing->bs;
+    MirrorBDSOpaque *mirror_top_opaque = s->mirror_top_bs->opaque;
     BlockDriverState *target_bs = blk_bs(s->target);
     bool need_drain = true;
     BlockDeviceIoStatus iostatus;
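Review bot: the new mirror_top_opaque local is declared in the mirror_run() prologue but its only use is the assignment roughly ninety lines later (hunk at line 985 onwards). Declaring it right before that assignment, or writing the assignment as a direct `((MirrorBDSOpaque *)s->mirror_top_bs->opaque)->job = s;`, keeps the dereference of s->mirror_top_bs->opaque next to the point where the pointer is published. Style only; the implicit void* to MirrorBDSOpaque* conversion is fine in C.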
@@ -985,6 +986,12 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
         }
     }
 
+    /*
+     * Only now the job is fully initialised and mirror_top_bs should start
+     * accessing it.
+     */
+    mirror_top_opaque->job = s;
+
     assert(!s->dbi);
     s->dbi = bdrv_dirty_iter_new(s->dirty_bitmap);
     for (;;) {
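Review bot: the comment claims the job is "fully initialised" here, but s->dbi is created on the very next lines (`assert(!s->dbi); s->dbi = bdrv_dirty_iter_new(s->dirty_bitmap);`), so the claim holds only for the fields bdrv_mirror_top_pwritev() actually touches (ops_in_flight and the in_flight bitmap, per the commit message). Consider naming those fields in the comment, or moving the assignment below the dirty-iterator setup so the statement is true without qualification. Also note that every error return in mirror_run() before this line now leaves mirror_top_opaque->job NULL for the lifetime of the node, so the NULL-job pass-through in bdrv_mirror_top_pwritev() that the message relies on is no longer just an early-init guard but the permanent behaviour for a job that failed to start; that is the safe direction, but worth a sentence in the commit message.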
@@ -1704,7 +1711,6 @@ static BlockJob *mirror_start_job(
     if (!s) {
         goto fail;
     }
-    bs_opaque->job = s;
 
     /* The block job now has a reference to this node */
     bdrv_unref(mirror_top_bs);
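Review bot: with `bs_opaque->job = s;` removed, verify that bs_opaque is still referenced later in mirror_start_job(); if this was its last use the build will warn about an unused variable. Also check the cleanup under the `fail:` label reached by the `goto fail` just above: if it resets bs_opaque->job to NULL, that reset is now redundant for this window (the pointer was never set) but harmless. Between this point and the assignment in mirror_run() the job pointer is intentionally NULL, so any write that reaches mirror_top_bs in that window must take the non-active path, which is exactly the guard the commit message describes.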
-- 
2.39.2
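
The ordering problem the commit message describes, reduced to a stand-alone model. This is an added example, not QEMU code: the MirrorBlockJob and MirrorBDSOpaque structs, the nbits field, the injected "early" write and the numeric return codes are simplifying assumptions made here so that the bug and the fix can be exercised side by side.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Toy model of the publish-before-initialise bug fixed by the patch.
 * Names echo QEMU's mirror code, but these definitions are assumptions
 * for the example, not QEMU's real structs.
 */
typedef struct MirrorBlockJob {
    uint8_t *in_flight;     /* bitmap; NULL until the job is fully set up */
    size_t   nbits;         /* assumed: number of tracked sectors */
    int      ops_in_flight; /* stands in for s->ops_in_flight */
} MirrorBlockJob;

typedef struct MirrorBDSOpaque {
    MirrorBlockJob *job;    /* what the mirror_top write path reads */
} MirrorBDSOpaque;

enum {
    WRITE_PASSTHROUGH = 0,  /* job not published: plain write, no tracking */
    WRITE_TRACKED     = 1,  /* active-mirror bookkeeping performed */
    WRITE_CRASH       = -1, /* job published but not initialised: the bug */
};

/* Models bdrv_mirror_top_pwritev(): once a job is published, do the
 * active-mirror bookkeeping on the job's fields. */
static int mirror_top_pwritev(MirrorBDSOpaque *s, size_t sector)
{
    MirrorBlockJob *job = s->job;

    if (!job) {
        return WRITE_PASSTHROUGH;   /* the early-init guard the message relies on */
    }
    if (!job->in_flight || sector >= job->nbits) {
        /* The real code would dereference NULL here; modelled as a crash code. */
        return WRITE_CRASH;
    }
    job->ops_in_flight++;
    job->in_flight[sector / 8] |= (uint8_t)(1u << (sector % 8));
    return WRITE_TRACKED;
}

/*
 * Models mirror_start_job() followed by mirror_run(). A guest write is
 * injected after the point where the old code published the pointer but
 * before the job's fields exist. Returns the result of that early write;
 * the result of a write issued after full initialisation goes to *late_rc.
 */
static int start_mirror(bool publish_before_init, size_t nbits, int *late_rc)
{
    MirrorBDSOpaque top = { .job = NULL };
    MirrorBlockJob *job = calloc(1, sizeof(*job));
    int early_rc;

    assert(job);
    if (publish_before_init) {
        top.job = job;                  /* old order: bs_opaque->job = s; in mirror_start_job() */
    }

    early_rc = mirror_top_pwritev(&top, 3);   /* a write "comes in too early" */

    /* The setup mirror_run() performs before the patch's new assignment. */
    job->nbits = nbits;
    job->in_flight = calloc((nbits + 7) / 8, 1);
    assert(job->in_flight);
    job->ops_in_flight = 0;

    top.job = job;                      /* new order: publish only when fully initialised */

    *late_rc = mirror_top_pwritev(&top, 3);

    free(job->in_flight);
    free(job);
    return early_rc;
}

/* Result of the write that races with initialisation. */
static int early_write_result(bool publish_before_init)
{
    int late;
    return start_mirror(publish_before_init, 64, &late);
}

/* Result of a write issued after initialisation completed. */
static int late_write_result(bool publish_before_init)
{
    int late;
    start_mirror(publish_before_init, 64, &late);
    return late;
}

int main(void)
{
    printf("old order, early write: %d\n", early_write_result(true));
    printf("new order, early write: %d\n", early_write_result(false));
    printf("either order, late write: %d\n", late_write_result(false));
    return 0;
}
```

The `if (!job)` guard in the write path is only a sound protection if publishing the pointer is the last step of initialisation; publishing first and filling in fields afterwards turns the guard into a window in which a concurrent request observes a half-built object, which is the ordering the patch corrects.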



Thread overview: 34+ messages
2023-02-23 18:51 [PULL 00/29] Block layer patches Kevin Wolf
2023-02-23 18:51 ` [PULL 01/29] block: Make bdrv_can_set_read_only() static Kevin Wolf
2023-02-23 18:51 ` [PULL 02/29] mirror: Fix access of uninitialised fields during start Kevin Wolf [this message]
2023-02-23 18:51 ` [PULL 03/29] block: Mark bdrv_co_truncate() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 04/29] block: Mark bdrv_co_block_status() " Kevin Wolf
2023-02-23 18:51 ` [PULL 05/29] block: Mark bdrv_co_ioctl() " Kevin Wolf
2023-02-23 18:51 ` [PULL 06/29] block/qed: add missing graph rdlock in qed_need_check_timer_entry Kevin Wolf
2023-02-23 18:51 ` [PULL 07/29] block: Mark bdrv_co_flush() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 08/29] block: Mark bdrv_co_pdiscard() " Kevin Wolf
2023-02-23 18:51 ` [PULL 09/29] block: Mark bdrv_co_pwrite_zeroes() " Kevin Wolf
2023-02-23 18:51 ` [PULL 10/29] block: Mark read/write in block/io.c GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 11/29] block: Mark public read/write functions GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 12/29] block: Mark bdrv_co_pwrite_sync() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 13/29] block: Mark bdrv_co_do_pwrite_zeroes() GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 14/29] block: Mark bdrv_co_copy_range() GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 15/29] block: Mark preadv_snapshot/snapshot_block_status GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 16/29] block: Mark bdrv_co_create() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 17/29] block: Mark bdrv_co_io_(un)plug() " Kevin Wolf
2023-02-23 18:51 ` [PULL 18/29] block: Mark bdrv_co_is_inserted() " Kevin Wolf
2023-02-23 18:51 ` [PULL 19/29] block: Mark bdrv_co_eject/lock_medium() " Kevin Wolf
2023-02-23 18:51 ` [PULL 20/29] block: Mark bdrv_(un)register_buf() GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 21/29] block: Mark bdrv_co_delete_file() and callers GRAPH_RDLOCK Kevin Wolf
2023-02-23 18:51 ` [PULL 22/29] block: Mark bdrv_*_dirty_bitmap() " Kevin Wolf
2023-02-23 18:51 ` [PULL 23/29] block: Mark bdrv_co_refresh_total_sectors() " Kevin Wolf
2023-02-23 18:51 ` [PULL 24/29] scsi: protect req->aiocb with AioContext lock Kevin Wolf
2023-02-23 18:51 ` [PULL 25/29] dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race Kevin Wolf
2023-02-23 18:51 ` [PULL 26/29] virtio-scsi: reset SCSI devices from main loop thread Kevin Wolf
2023-02-23 18:51 ` [PULL 27/29] block/rbd: Remove redundant stack variable passphrase_len Kevin Wolf
2023-02-23 18:51 ` [PULL 28/29] block/rbd: Add luks-any encryption opening option Kevin Wolf
2023-02-23 18:51 ` [PULL 29/29] block/rbd: Add support for layered encryption Kevin Wolf
2023-02-24 18:50 ` [PULL 00/29] Block layer patches Peter Maydell
2023-02-24 21:35   ` Philippe Mathieu-Daudé
2023-02-27  9:12     ` Thomas Huth
2023-02-27 11:22       ` Peter Maydell
