Re: [Qemu-devel] [PATCH 2/2] block: Avoid second open for format probing

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kevin Wolf <kwolf@redhat.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/2] block: Avoid second open for format probing
Date: Wed, 14 Nov 2012 10:03:05 +0100	[thread overview]
Message-ID: <50A35E49.6020307@redhat.com> (raw)
In-Reply-To: <20121114083201.GA23826@stefanha-thinkpad.redhat.com>

Am 14.11.2012 09:32, schrieb Stefan Hajnoczi:
> On Tue, Nov 13, 2012 at 03:14:55PM +0100, Kevin Wolf wrote:
>> @@ -691,12 +685,15 @@ static int bdrv_open_common(BlockDriverState *bs, const char *filename,
>>  
>>      /* Open the image, either directly or using a protocol */
>>      if (drv->bdrv_file_open) {
>> +        if (file != NULL) {
>> +            bdrv_swap(file, bs);
>> +            bdrv_delete(file);
>> +        }
>>          ret = drv->bdrv_file_open(bs, filename, open_flags);
>>      } else {
> [...]
>>      /* Open the image */
>> -    ret = bdrv_open_common(bs, filename, flags, drv);
>> +    ret = bdrv_open_common(bs, file, filename, flags, drv);
>>      if (ret < 0) {
>>          goto unlink_and_fail;
>>      }
>> @@ -894,6 +895,9 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags,
>>      return 0;
>>  
>>  unlink_and_fail:
>> +    if (file != NULL) {
>> +        bdrv_delete(file);
>> +    }
> 
> Not sure I understand this code path.
> 
> We have a protocol (the driver implements .bdrv_file_open()) so we swap
> file and bs, then delete old bs.  Then we call .bdrv_file_open() on the
> already open file BDS.
> 
> Is it okay to call .bdrv_file_open() on an already open BDS?

No, that looks buggy, even though in practice it doesn't explode at
least with raw-posix. It probably did leak a file descriptor.

> Now if .bdrv_file_open() fails we will bdrv_delete() the already deleted
> file BDS.  This is a double-free.

I'll move the bdrv_delete up into bdrv_open (conditional on bs->file !=
file) and add a file = NULL after it, that should fix it.

Kevin

     prev parent reply	other threads:[~2012-11-14  9:03 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-13 14:14 [Qemu-devel] [PATCH 0/2] block: Avoid second open for format probing Kevin Wolf
2012-11-13 14:14 ` [Qemu-devel] [PATCH 1/2] block: Factor out bdrv_open_flags Kevin Wolf
2012-11-13 14:14 ` [Qemu-devel] [PATCH 2/2] block: Avoid second open for format probing Kevin Wolf
2012-11-14  8:32   ` Stefan Hajnoczi
2012-11-14  8:51     ` Paolo Bonzini
2012-11-14  9:03     ` Kevin Wolf [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50A35E49.6020307@redhat.com \
    --to=kwolf@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.