From: Kevin Wolf <kwolf@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com
Subject: [Qemu-devel] [PATCH 1/2] block: Fix too early free in multiwrite
Date: Thu, 1 Jul 2010 16:31:57 +0200 [thread overview]
Message-ID: <1277994718-14443-2-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1277994718-14443-1-git-send-email-kwolf@redhat.com>
bdrv_aio_writev may call the callback immediately (and it will commonly do so
in error cases). If num_requests doesn't have its final value yet,
multiwrite_cb will falsely detect that all requests are completed and frees
the mcb. However, the mcb is still used by other requests that are started only
afterwards. When all requests are completed, it is freed for the second time.
Fix this by setting the right num_requests from the beginning.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/block.c b/block.c
index c40dd2c..9719649 100644
--- a/block.c
+++ b/block.c
@@ -2198,6 +2198,7 @@ int bdrv_aio_multiwrite(BlockDriverState *bs, BlockRequest *reqs, int num_reqs)
num_reqs = multiwrite_merge(bs, reqs, num_reqs, mcb);
// Run the aio requests
+ mcb->num_requests = num_reqs;
for (i = 0; i < num_reqs; i++) {
acb = bdrv_aio_writev(bs, reqs[i].sector, reqs[i].qiov,
reqs[i].nb_sectors, multiwrite_cb, mcb);
@@ -2206,16 +2207,13 @@ int bdrv_aio_multiwrite(BlockDriverState *bs, BlockRequest *reqs, int num_reqs)
// We can only fail the whole thing if no request has been
// submitted yet. Otherwise we'll wait for the submitted AIOs to
// complete and report the error in the callback.
- if (mcb->num_requests == 0) {
+ if (i == 0) {
reqs[i].error = -EIO;
goto fail;
} else {
- mcb->num_requests++;
multiwrite_cb(mcb, -EIO);
break;
}
- } else {
- mcb->num_requests++;
}
}
--
1.6.6.1
next prev parent reply other threads:[~2010-07-01 14:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-01 14:31 [Qemu-devel] [PATCH 0/2] block: Fix multiwrite error handling Kevin Wolf
2010-07-01 14:31 ` Kevin Wolf [this message]
2010-07-02 8:10 ` [Qemu-devel] [PATCH 1/2] block: Fix too early free in multiwrite Stefan Hajnoczi
2010-07-02 9:38 ` Christoph Hellwig
2010-07-01 14:31 ` [Qemu-devel] [PATCH 2/2] block: Handle multiwrite errors only when all requests have completed Kevin Wolf
2010-07-02 8:33 ` Stefan Hajnoczi
2010-07-02 9:40 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1277994718-14443-2-git-send-email-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).