From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [PULL 04/20] block/vvfat: fix vvfat_child_perm crash
Date: Wed, 2 Jun 2021 15:45:13 +0200 [thread overview]
Message-ID: <20210602134529.231756-5-kwolf@redhat.com> (raw)
In-Reply-To: <20210602134529.231756-1-kwolf@redhat.com>
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
It's wrong to rely on s->qcow in vvfat_child_perm, as on permission
update during bdrv_open_child() call this field is not set yet.
Still prior to aa5a04c7db27eea6b36de32f241b155f0d9ce34d, it didn't
crash, as bdrv_open_child passed NULL as child to bdrv_child_perm(),
and NULL was equal to NULL in assertion (still, it was bad guarantee
for child being s->qcow, not backing :).
Since aa5a04c7db27eea6b36de32f241b155f0d9ce34d
"add bdrv_attach_child_noperm" bdrv_refresh_perms called on parent node
when attaching child, and new correct child pointer is passed to
.bdrv_child_perm. Still, s->qcow is NULL at the moment. Let's rely only
on role instead.
Without that fix,
./build/qemu-system-x86_64 -usb -device usb-storage,drive=fat16 \
-drive \
file=fat:rw:fat-type=16:"<path of a host folder>",id=fat16,format=raw,if=none
crashes:
(gdb) bt
0 raise () at /lib64/libc.so.6
1 abort () at /lib64/libc.so.6
2 _nl_load_domain.cold () at /lib64/libc.so.6
3 annobin_assert.c_end () at /lib64/libc.so.6
4 vvfat_child_perm (bs=0x559186f3d690, c=0x559186f1ed20, role=3,
reopen_queue=0x0, perm=0, shared=31,
nperm=0x7ffe56f28298, nshared=0x7ffe56f282a0) at
../block/vvfat.c:3214
5 bdrv_child_perm (bs=0x559186f3d690, child_bs=0x559186f60190,
c=0x559186f1ed20, role=3, reopen_queue=0x0,
parent_perm=0, parent_shared=31,
nperm=0x7ffe56f28298, nshared=0x7ffe56f282a0)
at ../block.c:2094
6 bdrv_node_refresh_perm (bs=0x559186f3d690, q=0x0,
tran=0x559186f65850, errp=0x7ffe56f28530) at
../block.c:2336
7 bdrv_list_refresh_perms (list=0x559186db5b90 = {...}, q=0x0,
tran=0x559186f65850, errp=0x7ffe56f28530)
at ../block.c:2358
8 bdrv_refresh_perms (bs=0x559186f3d690, errp=0x7ffe56f28530) at
../block.c:2419
9 bdrv_attach_child
(parent_bs=0x559186f3d690, child_bs=0x559186f60190,
child_name=0x559184d83e3d "write-target",
child_class=0x5591852f3b00 <child_vvfat_qcow>, child_role=3,
errp=0x7ffe56f28530) at ../block.c:2959
10 bdrv_open_child
(filename=0x559186f5cb80 "/var/tmp/vl.7WYmFU",
options=0x559186f66c20, bdref_key=0x559184d83e3d "write-target",
parent=0x559186f3d690, child_class=0x5591852f3b00
<child_vvfat_qcow>, child_role=3, allow_none=false,
errp=0x7ffe56f28530) at ../block.c:3351
11 enable_write_target (bs=0x559186f3d690, errp=0x7ffe56f28530) at
../block/vvfat.c:3177
12 vvfat_open (bs=0x559186f3d690, options=0x559186f42db0, flags=155650,
errp=0x7ffe56f28530) at ../block/vvfat.c:1236
13 bdrv_open_driver (bs=0x559186f3d690, drv=0x5591853d97e0
<bdrv_vvfat>, node_name=0x0,
options=0x559186f42db0, open_flags=155650,
errp=0x7ffe56f28640) at ../block.c:1557
14 bdrv_open_common (bs=0x559186f3d690, file=0x0,
options=0x559186f42db0, errp=0x7ffe56f28640) at
../block.c:1833
...
(gdb) fr 4
#4 vvfat_child_perm (bs=0x559186f3d690, c=0x559186f1ed20, role=3,
reopen_queue=0x0, perm=0, shared=31,
nperm=0x7ffe56f28298, nshared=0x7ffe56f282a0) at
../block/vvfat.c:3214
3214 assert(c == s->qcow || (role & BDRV_CHILD_COW));
(gdb) p role
$1 = 3 # BDRV_CHILD_DATA | BDRV_CHILD_METADATA
(gdb) p *c
$2 = {bs = 0x559186f60190, name = 0x559186f669d0 "write-target", klass
= 0x5591852f3b00 <child_vvfat_qcow>, role = 3, opaque =
0x559186f3d690, perm = 3, shared_perm = 4, frozen = false,
parent_quiesce_counter = 0, next = {le_next = 0x0, le_prev =
0x559186f41818}, next_parent = {le_next = 0x0, le_prev =
0x559186f64320}}
(gdb) p s->qcow
$3 = (BdrvChild *) 0x0
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20210524101257.119377-3-vsementsov@virtuozzo.com>
Tested-by: John Arbuckle <programmingkidx@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/vvfat.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/block/vvfat.c b/block/vvfat.c
index 07232a7cfc..86d99c899c 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -3209,15 +3209,12 @@ static void vvfat_child_perm(BlockDriverState *bs, BdrvChild *c,
uint64_t perm, uint64_t shared,
uint64_t *nperm, uint64_t *nshared)
{
- BDRVVVFATState *s = bs->opaque;
-
- assert(c == s->qcow || (role & BDRV_CHILD_COW));
-
- if (c == s->qcow) {
+ if (role & BDRV_CHILD_DATA) {
/* This is a private node, nobody should try to attach to it */
*nperm = BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE;
*nshared = BLK_PERM_WRITE_UNCHANGED;
} else {
+ assert(role & BDRV_CHILD_COW);
/* The backing file is there so 'commit' can use it. vvfat doesn't
* access it in any way. */
*nperm = 0;
--
2.30.2
next prev parent reply other threads:[~2021-06-02 13:47 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-02 13:45 [PULL 00/20] Block layer patches Kevin Wolf
2021-06-02 13:45 ` [PULL 01/20] block/quorum: Provide .bdrv_co_flush instead of .bdrv_co_flush_to_disk Kevin Wolf
2021-06-02 13:45 ` [PULL 02/20] qemu-io-cmds: assert that we don't have .perm requested in no-blk case Kevin Wolf
2021-06-02 13:45 ` [PULL 03/20] block/vvfat: child_vvfat_qcow: add .get_parent_aio_context, fix crash Kevin Wolf
2021-06-02 13:45 ` Kevin Wolf [this message]
2021-06-02 13:45 ` [PULL 05/20] block: consistently use bdrv_is_read_only() Kevin Wolf
2021-06-02 13:45 ` [PULL 06/20] block: drop BlockDriverState::read_only Kevin Wolf
2021-06-02 13:45 ` [PULL 07/20] block: drop BlockBackendRootState::read_only Kevin Wolf
2021-06-02 13:45 ` [PULL 08/20] block/file-posix: Fix problem with fallocate(PUNCH_HOLE) on GPFS Kevin Wolf
2021-06-02 13:45 ` [PULL 09/20] block/file-posix: Try other fallbacks after invalid FALLOC_FL_ZERO_RANGE Kevin Wolf
2021-06-02 13:45 ` [PULL 10/20] block: document child argument of bdrv_attach_child_common() Kevin Wolf
2021-06-02 13:45 ` [PULL 11/20] block-backend: improve blk_root_get_parent_desc() Kevin Wolf
2021-06-02 13:45 ` [PULL 12/20] block: improve bdrv_child_get_parent_desc() Kevin Wolf
2021-06-02 13:45 ` [PULL 13/20] block/vvfat: inherit child_vvfat_qcow from child_of_bds Kevin Wolf
2021-06-02 13:45 ` [PULL 14/20] block: simplify bdrv_child_user_desc() Kevin Wolf
2021-06-02 13:45 ` [PULL 15/20] block: improve permission conflict error message Kevin Wolf
2021-06-02 13:45 ` [PULL 16/20] block-backend: add drained_poll Kevin Wolf
2021-06-02 13:45 ` [PULL 17/20] nbd/server: Use drained block ops to quiesce the server Kevin Wolf
2021-06-02 13:45 ` [PULL 18/20] block-copy: fix block_copy_task_entry() progress update Kevin Wolf
2021-06-02 13:45 ` [PULL 19/20] block-copy: refactor copy_range handling Kevin Wolf
2021-06-02 13:45 ` [PULL 20/20] docs/secure-coding-practices: Describe how to use 'null-co' block driver Kevin Wolf
2021-06-03 8:59 ` [PULL 00/20] Block layer patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210602134529.231756-5-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).