From: Kevin Wolf <kwolf@redhat.com>
To: Fiona Ebner <f.ebner@proxmox.com>
Cc: qemu-devel@nongnu.org, qemu-stable@nongnu.org, hreitz@redhat.com,
qemu-block@nongnu.org
Subject: Re: [PATCH] block-backend: protect setting block root to NULL with block graph write lock
Date: Thu, 9 Jan 2025 11:47:41 +0100 [thread overview]
Message-ID: <Z3-pTUj66O2nfqc_@redhat.com> (raw)
In-Reply-To: <20250108124649.333668-1-f.ebner@proxmox.com>
Am 08.01.2025 um 13:46 hat Fiona Ebner geschrieben:
> Setting blk->root is a graph change operation and thus needs to be
> protected by the block graph write lock in blk_remove_bs(). The
> assignment to blk->root in blk_insert_bs() is already protected by
> the block graph write lock.
Hm, if that's the case, then we should also enforce this in the
declaration of BlockBackend:
BdrvChild * GRAPH_RDLOCK_PTR root;
However, this results in more compiler failures that we need to fix. You
caught the only remaining writer, but the lock is only fully effective
if all readers take it, too.
> In particular, the graph read lock in blk_co_do_flush() could
> previously not ensure that blk_bs(blk) would always return the same
> value during the locked section, which could lead to a segfault [0] in
> combination with migration [1].
>
> From the user-provided backtraces in the forum thread [1], it seems
> like blk_co_do_flush() managed to get past the
> blk_co_is_available(blk) check, meaning that blk_bs(blk) returned a
> non-NULL value during the check, but then, when calling
> bdrv_co_flush(), blk_bs(blk) returned NULL.
>
> [0]:
>
> > 0 bdrv_primary_child (bs=bs@entry=0x0) at ../block.c:8287
> > 1 bdrv_co_flush (bs=0x0) at ../block/io.c:2948
> > 2 bdrv_co_flush_entry (opaque=0x7a610affae90) at block/block-gen.c:901
>
> [1]: https://forum.proxmox.com/threads/158072
>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> block/block-backend.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/block/block-backend.c b/block/block-backend.c
> index c93a7525ad..9678615318 100644
> --- a/block/block-backend.c
> +++ b/block/block-backend.c
> @@ -887,9 +887,9 @@ void blk_remove_bs(BlockBackend *blk)
> */
> blk_drain(blk);
> root = blk->root;
> - blk->root = NULL;
>
> bdrv_graph_wrlock();
> + blk->root = NULL;
> bdrv_root_unref_child(root);
> bdrv_graph_wrunlock();
> }
I think the 'root = blk->root' needs to be inside the locked section,
too. Otherwise blk->root could change during bdrv_graph_wrlock() (which
has a nested event loop) and root would be stale. I assume clang would
complain about this with the added GRAPH_RDLOCK_PTR.
Kevin
next prev parent reply other threads:[~2025-01-09 10:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-08 12:46 [PATCH] block-backend: protect setting block root to NULL with block graph write lock Fiona Ebner
2025-01-09 10:47 ` Kevin Wolf [this message]
2025-01-09 10:52 ` Daniel Wielandt
2025-01-09 10:55 ` Daniel Wielandt
2025-01-09 10:59 ` Daniel Wielandt
2025-01-09 11:03 ` Daniel Wielandt
2025-01-09 11:04 ` Daniel Wielandt
2025-01-10 16:37 ` Fiona Ebner
2025-01-16 15:52 ` Kevin Wolf
2025-01-28 12:24 ` Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z3-pTUj66O2nfqc_@redhat.com \
--to=kwolf@redhat.com \
--cc=f.ebner@proxmox.com \
--cc=hreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.