From: Paolo Bonzini <pbonzini@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/2] block: Avoid second open for format probing
Date: Wed, 14 Nov 2012 09:51:51 +0100 [thread overview]
Message-ID: <50A35BA7.7090900@redhat.com> (raw)
In-Reply-To: <20121114083201.GA23826@stefanha-thinkpad.redhat.com>
Il 14/11/2012 09:32, Stefan Hajnoczi ha scritto:
> On Tue, Nov 13, 2012 at 03:14:55PM +0100, Kevin Wolf wrote:
>> @@ -691,12 +685,15 @@ static int bdrv_open_common(BlockDriverState *bs, const char *filename,
>>
>> /* Open the image, either directly or using a protocol */
>> if (drv->bdrv_file_open) {
>> + if (file != NULL) {
>> + bdrv_swap(file, bs);
>> + bdrv_delete(file);
>> + }
>> ret = drv->bdrv_file_open(bs, filename, open_flags);
>> } else {
> [...]
>> /* Open the image */
>> - ret = bdrv_open_common(bs, filename, flags, drv);
>> + ret = bdrv_open_common(bs, file, filename, flags, drv);
>> if (ret < 0) {
>> goto unlink_and_fail;
>> }
>> @@ -894,6 +895,9 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags,
>> return 0;
>>
>> unlink_and_fail:
>> + if (file != NULL) {
>> + bdrv_delete(file);
>> + }
>
> Not sure I understand this code path.
>
> We have a protocol (the driver implements .bdrv_file_open()) so we swap
> file and bs, then delete old bs. Then we call .bdrv_file_open() on the
> already open file BDS.
>
> Is it okay to call .bdrv_file_open() on an already open BDS?
I don't think so. But do the cases where this happen make sense? Can
we just fail if drv is not equal to bs->drv if we reach the "if
(drv->bdrv_file_open)" case? That would be for cases like "-drive
file=test.img,format=host_device" but how does that make sense?...
(Plus, it fails to stack the raw format on top).
So perhaps we could even assert(drv == bs->drv) if protocols had no
.format_name?
> Now if .bdrv_file_open() fails we will bdrv_delete() the already deleted
> file BDS. This is a double-free.
Right, always better to NULL out whatever you delete (which means
passing a BDS** to bdrv_open_common.
Paolo
next prev parent reply other threads:[~2012-11-14 8:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-13 14:14 [Qemu-devel] [PATCH 0/2] block: Avoid second open for format probing Kevin Wolf
2012-11-13 14:14 ` [Qemu-devel] [PATCH 1/2] block: Factor out bdrv_open_flags Kevin Wolf
2012-11-13 14:14 ` [Qemu-devel] [PATCH 2/2] block: Avoid second open for format probing Kevin Wolf
2012-11-14 8:32 ` Stefan Hajnoczi
2012-11-14 8:51 ` Paolo Bonzini [this message]
2012-11-14 9:03 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A35BA7.7090900@redhat.com \
--to=pbonzini@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.