[Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co
@ 2019-05-27  9:23 Stefan Hajnoczi
  2019-05-30  8:42 ` Kevin Wolf
  0 siblings, 1 reply; 4+ messages in thread
From: Stefan Hajnoczi @ 2019-05-27  9:23 UTC (permalink / raw)
  To: qemu-devel
  Cc: Kevin Wolf, qemu-block, Max Reitz, Stefan Hajnoczi,
	Julia Suvorova, Aarushi Mehta

qemu_aio_get() does not zero allocated memory.  Explicitly initialize
laiocb->co to prevent an uninitialized memory access in
qemu_laio_process_completion().

Note that this bug has never manifested itself.  I guess we're lucky!

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
I challenge you to find a place where laiocb->co is initialized and then
we can drop this patch.  I've double-checked and cannot find it...

 block/linux-aio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/linux-aio.c b/block/linux-aio.c
index d4b61fb251..a097653be6 100644
--- a/block/linux-aio.c
+++ b/block/linux-aio.c
@@ -440,6 +440,7 @@ BlockAIOCB *laio_submit(BlockDriverState *bs, LinuxAioState *s, int fd,
     int ret;
 
     laiocb = qemu_aio_get(&laio_aiocb_info, bs, cb, opaque);
+    laiocb->co = NULL;
     laiocb->nbytes = nb_sectors * BDRV_SECTOR_SIZE;
     laiocb->ctx = s;
     laiocb->ret = -EINPROGRESS;
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co
  2019-05-27  9:23 [Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co Stefan Hajnoczi
@ 2019-05-30  8:42 ` Kevin Wolf
  2019-05-30 14:07   ` Paolo Bonzini
  0 siblings, 1 reply; 4+ messages in thread
From: Kevin Wolf @ 2019-05-30  8:42 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: qemu-block, qemu-devel, Max Reitz, pbonzini, Julia Suvorova,
	Aarushi Mehta

Am 27.05.2019 um 11:23 hat Stefan Hajnoczi geschrieben:
> qemu_aio_get() does not zero allocated memory.  Explicitly initialize
> laiocb->co to prevent an uninitialized memory access in
> qemu_laio_process_completion().
> 
> Note that this bug has never manifested itself.  I guess we're lucky!
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

That the bug never manifested itself might be because it's in an unused
function. How about we finally just remove the unused callback-based
laio_submit() from the code?

At the time when I converted linux-aio to coroutines, someone (maybe
Paolo?) insisted that we keep the old interface because we might add a
new user sometime with possible shortcuts that bypass the whole coroutine
path, but it hasn't happened and I think we've moved even further in the
opposite direction since then.

Kevin

> I challenge you to find a place where laiocb->co is initialized and then
> we can drop this patch.  I've double-checked and cannot find it...
> 
>  block/linux-aio.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/block/linux-aio.c b/block/linux-aio.c
> index d4b61fb251..a097653be6 100644
> --- a/block/linux-aio.c
> +++ b/block/linux-aio.c
> @@ -440,6 +440,7 @@ BlockAIOCB *laio_submit(BlockDriverState *bs, LinuxAioState *s, int fd,
>      int ret;
>  
>      laiocb = qemu_aio_get(&laio_aiocb_info, bs, cb, opaque);
> +    laiocb->co = NULL;
>      laiocb->nbytes = nb_sectors * BDRV_SECTOR_SIZE;
>      laiocb->ctx = s;
>      laiocb->ret = -EINPROGRESS;
> -- 
> 2.21.0
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co
  2019-05-30  8:42 ` Kevin Wolf
@ 2019-05-30 14:07   ` Paolo Bonzini
  2019-05-30 17:39     ` Julia Suvorova via Qemu-devel
  0 siblings, 1 reply; 4+ messages in thread
From: Paolo Bonzini @ 2019-05-30 14:07 UTC (permalink / raw)
  To: Kevin Wolf, Stefan Hajnoczi
  Cc: Max Reitz, Julia Suvorova, qemu-devel, qemu-block, Aarushi Mehta

On 30/05/19 10:42, Kevin Wolf wrote:
> Am 27.05.2019 um 11:23 hat Stefan Hajnoczi geschrieben:
>> qemu_aio_get() does not zero allocated memory.  Explicitly initialize
>> laiocb->co to prevent an uninitialized memory access in
>> qemu_laio_process_completion().
>>
>> Note that this bug has never manifested itself.  I guess we're lucky!
>>
>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> 
> That the bug never manifested itself might be because it's in an unused
> function. How about we finally just remove the unused callback-based
> laio_submit() from the code?
> 
> At the time when I converted linux-aio to coroutines, someone (maybe
> Paolo?) insisted that we keep the old interface because we might add a
> new user sometime with possible shortcuts that bypass the whole coroutine
> path, but it hasn't happened and I think we've moved even further in the
> opposite direction since then.

Yes, I suppose it's time.  Spending time fixing bugs in dead code is
always a sign that it's time. :)

Paolo


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co
  2019-05-30 14:07   ` Paolo Bonzini
@ 2019-05-30 17:39     ` Julia Suvorova via Qemu-devel
  0 siblings, 0 replies; 4+ messages in thread
From: Julia Suvorova via Qemu-devel @ 2019-05-30 17:39 UTC (permalink / raw)
  To: Paolo Bonzini, Kevin Wolf, Stefan Hajnoczi
  Cc: Max Reitz, qemu-devel, qemu-block, Aarushi Mehta

On 30.05.2019 17:07, Paolo Bonzini wrote:
> On 30/05/19 10:42, Kevin Wolf wrote:
>> Am 27.05.2019 um 11:23 hat Stefan Hajnoczi geschrieben:
>>> qemu_aio_get() does not zero allocated memory.  Explicitly initialize
>>> laiocb->co to prevent an uninitialized memory access in
>>> qemu_laio_process_completion().
>>>
>>> Note that this bug has never manifested itself.  I guess we're lucky!
>>>
>>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
>>
>> That the bug never manifested itself might be because it's in an unused
>> function. How about we finally just remove the unused callback-based
>> laio_submit() from the code?
>>
>> At the time when I converted linux-aio to coroutines, someone (maybe
>> Paolo?) insisted that we keep the old interface because we might add a
>> new user sometime with possible shortcuts that bypass the whole coroutine
>> path, but it hasn't happened and I think we've moved even further in the
>> opposite direction since then.
> 
> Yes, I suppose it's time.  Spending time fixing bugs in dead code is
> always a sign that it's time. :)

Great, I'll clean it up.

Best regards, Julia Suvorova.


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-05-30 17:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-27  9:23 [Qemu-devel] [PATCH] block/linux-aio: explictly clear laiocb->co Stefan Hajnoczi
2019-05-30  8:42 ` Kevin Wolf
2019-05-30 14:07   ` Paolo Bonzini
2019-05-30 17:39     ` Julia Suvorova via Qemu-devel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).