From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
To: qemu block <qemu-block@nongnu.org>
Cc: Kevin Wolf <kwolf@redhat.com>, Denis Lunev <den@virtuozzo.com>,
qemu-devel <qemu-devel@nongnu.org>, Max Reitz <mreitz@redhat.com>
Subject: qcow2 api not secured by mutex lock
Date: Wed, 18 Dec 2019 10:28:48 +0000 [thread overview]
Message-ID: <1ea7f93d-8f48-d565-70e7-0d66f1b80c1e@virtuozzo.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1522 bytes --]
Hi!
Some time ago, we've faced and fixed the fact that qcow2 bitmap api doesn't
call qcow2_co_mutex_lock, before accessing qcow2 metadata. This was solved by
moving qcow2_co_remove_persistent_dirty_bitmap and
qcow2_co_can_store_new_dirty_bitmap to coroutine and call qcow2_co_mutex_lock.
Now I decided to look at big picture (it is attached).
Boxes are qcow2 driver api, green border means that function calls qcow2_co_mutex_lock
(it doesn't guarantee, that exactly child node call is locked, but it is something).
In the picture there are just all functions, calling qcow2_cache_get/put.. Not all the
functions, that needs locking, but again, it is something.
So, accordingly to the picture, it seems that the following functions lacks locking:
qcow2_co_create
qcow2_snapshot_*
(but it is both drained and aio context locked, so should be safe, yes?)
qcow2_reopen_bitmaps_rw
qcow2_store_persistent_dirty_bitmaps
qcow2_amend_options
qcow2_make_empty
===
Checking green nodes:
qcow2_co_invalidate_cache actually calls qcow2_close unlocked, it's another reason to fix qcow2_store_persistent_dirty_bitmaps
qcow2_write_snapshots actually called unlocked from qcow2_check_fix_snapshot_table.. It seems unsafe.
===
Not complete audit of course.. What do you think about it? I think, I at least should move
qcow2_store_persistent_dirty_bitmaps and qcow2_reopen_bitmaps_rw to coroutine,
like qcow2_co_remove_persistent_dirty_bitmap.
--
Best regards,
Vladimir
[-- Attachment #2: master-block-qcow2-filtered.svg --]
[-- Type: image/svg+xml, Size: 122306 bytes --]
next reply other threads:[~2019-12-18 10:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-18 10:28 Vladimir Sementsov-Ogievskiy [this message]
2019-12-19 10:02 ` qcow2 api not secured by mutex lock Kevin Wolf
2019-12-19 10:25 ` Vladimir Sementsov-Ogievskiy
2019-12-19 10:33 ` Max Reitz
2019-12-19 10:35 ` Max Reitz
2019-12-19 10:53 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1ea7f93d-8f48-d565-70e7-0d66f1b80c1e@virtuozzo.com \
--to=vsementsov@virtuozzo.com \
--cc=den@virtuozzo.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).