From: Kevin Wolf <kwolf@redhat.com>
To: Ryan Harper <ryanh@us.ibm.com>
Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>,
Markus Armbruster <armbru@redhat.com>,
qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH v4] Do not delete BlockDriverState when deleting the drive
Date: Thu, 31 Mar 2011 10:03:37 +0200 [thread overview]
Message-ID: <4D943559.5060305@redhat.com> (raw)
In-Reply-To: <20110330015147.GG5445@us.ibm.com>
Am 30.03.2011 03:51, schrieb Ryan Harper:
> When removing a drive from the host-side via drive_del we currently have
> the following path:
>
> drive_del
> qemu_aio_flush()
> bdrv_close() // zaps bs->drv, which makes any subsequent I/O get
> // dropped. Works as designed
> drive_uninit()
> bdrv_delete() // frees the bs. Since the device is still connected to
> // bs, any subsequent I/O is a use-after-free.
>
> The value of bs->drv becomes unpredictable on free. As long as it
> remains null, I/O still gets dropped, however it could become non-null
> at any point after the free resulting SEGVs or other QEMU state
> corruption.
>
> To resolve this issue as simply as possible, we can chose to not
> actually delete the BlockDriverState pointer. Since bdrv_close()
> handles setting the drv pointer to NULL, we just need to remove the
> BlockDriverState from the QLIST that is used to enumerate the block
> devices. This is currently handled within bdrv_delete, so move this
> into its own function, bdrv_make_anon().
>
> The result is that we can now invoke drive_del, this closes the file
> descriptors and sets BlockDriverState->drv to NULL which prevents futher
> IO to the device, and since we do not free BlockDriverState, we don't
> have to worry about the copy retained in the block devices.
>
> We also don't attempt to remove the qdev property since we are no longer
> deleting the BlockDriverState on drives with associated drives. This
> also allows for removing Drives with no devices associated either.
>
> Reported-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Thanks, applied to the block branch.
Kevin
prev parent reply other threads:[~2011-03-31 8:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-30 1:51 [Qemu-devel] [PATCH v4] Do not delete BlockDriverState when deleting the drive Ryan Harper
2011-03-30 7:36 ` Markus Armbruster
2011-03-31 8:03 ` Kevin Wolf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D943559.5060305@redhat.com \
--to=kwolf@redhat.com \
--cc=armbru@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=ryanh@us.ibm.com \
--cc=stefan.hajnoczi@uk.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.