From: Anthony Liguori
To: qemu-devel@nongnu.org
Cc: Christoph Hellwig
Date: Sun, 29 Mar 2009 16:44:31 -0500
Subject: Re: [Qemu-devel] [PATCH 3/5] push down vector linearization to posix-aio-compat.c
Message-ID: <49CFEBBF.4030408@codemonkey.ws>
In-Reply-To: <20090329212152.GA4498@lst.de>
References: <20090329195346.GA625@lst.de> <20090329195452.GC1215@lst.de> <49CFE1A6.90509@codemonkey.ws> <20090329212152.GA4498@lst.de>

Christoph Hellwig wrote:
> On Sun, Mar 29, 2009 at 04:01:26PM -0500, Anthony Liguori wrote:
>
>> This bug is not limited to win32 though. It has to do with having a
>> backend disk format that does not provide a proper aio implementation (which
>> suggests your new bdrv_aio_{readv,writev}_em is at fault). You can
>> reproduce on a normal Linux build by converting an existing image to a
>> format like vmdk and then testing with that. It's not 100% reliable but
>> 9 times out of 10 I don't get past the grub loader with this patch applied.
>>
>
> This bug? I did test cow, vmdk and vpc and can't reproduce it. By
> inspection I can find a use after free in bdrv_aio_bh_cb, though
> I assume you mean this.

I've confirmed that with this fix, it now works with win32 and vmdk on
Linux. It doesn't get triggered unless you're bouncing in block.c, which
won't happen unless you have a driver that doesn't support the aio
functions. That's why I couldn't reproduce it without vmdk on Linux.

diff --git a/block.c b/block.c
index b41e421..49c38c1 100644
--- a/block.c
+++ b/block.c
@@ -1334,12 +1334,12 @@ static void bdrv_aio_bh_cb(void *opaque) { BlockDriverAIOCBSync *acb = opaque; - qemu_vfree(acb->bounce); - if (!acb->is_write) qemu_iovec_from_buffer(acb->qiov, acb->bounce, acb->qiov->size); acb->common.cb(acb->common.opaque, acb->ret); + qemu_vfree(acb->bounce); + qemu_aio_release(acb); } > Will repost the whole series, the win32 aio removal and some > recent scsi-disk commits caused a whole lot of rejects.. > Just two and I've fixed them locally but I can wait for you to resubmit if you'd like. Regards, Anthony Liguori
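Review bot: the reordering is the right fix for the use-after-free Christoph named, since on the read path qemu_iovec_from_buffer() was copying out of acb->bounce after qemu_vfree() had already released it, so the guest's vector was filled from freed memory. Moving the free below acb->common.cb() is safe because the callback receives only acb->common.opaque and acb->ret, never the bounce pointer; putting it directly after the qemu_iovec_from_buffer() call instead would make the buffer's lifetime end as early as possible and is easier to reason about. The removed blank line that is re-added after the moved qemu_vfree() is pure whitespace churn and can be dropped. Since the bug only reaches this code through the bounce path (drivers without native aio, as the text above explains), the repost should state that trigger condition in the change description so the win32/vmdk-only symptom is understood.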
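As an added illustration (constructed here, not code from QEMU or from the patch in this thread), the following C program models the bounce path the fix concerns: a vectored request against a backend that only accepts one flat buffer, with completion ordered the way the corrected bdrv_aio_bh_cb() orders it, scatter back into the vector first, then the caller's callback, then the free. Every name in it (aiocb_t, bounce_copy, backend_rw, emulated_aio_rw, check_bounce_roundtrip) and the 64-byte in-memory disk are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

typedef void (*completion_cb)(void *opaque, int ret);

/* Hypothetical request block: the caller's vector plus the flat bounce buffer. */
typedef struct {
    struct iovec *iov;
    int niov;
    size_t size;            /* total bytes across all segments */
    unsigned char *bounce;  /* linearized copy handed to the backend */
    int is_write;
    completion_cb cb;
    void *opaque;
} aiocb_t;

/* Copy between segments and bounce in segment order: gather if to_bounce, else scatter. */
static size_t bounce_copy(const aiocb_t *acb, int to_bounce)
{
    size_t off = 0;
    for (int i = 0; i < acb->niov && off < acb->size; i++) {
        unsigned char *seg = acb->iov[i].iov_base;
        size_t n = acb->iov[i].iov_len;
        if (to_bounce)
            memcpy(acb->bounce + off, seg, n);
        else
            memcpy(seg, acb->bounce + off, n);
        off += n;
    }
    return off;
}

/* Constructed backend: a 64-byte in-memory "disk" that only takes one flat buffer. */
enum { DISK_SIZE = 64 };
static int backend_rw(unsigned char *disk, unsigned char *buf, size_t len, int is_write)
{
    if (len > DISK_SIZE)
        return -1;
    memcpy(is_write ? disk : buf, is_write ? buf : disk, len);
    return 0;
}

/* Completion in the patch's order: scatter, run the callback, then free bounce and acb. */
static void aio_complete(aiocb_t *acb, int ret)
{
    if (!acb->is_write)
        bounce_copy(acb, 0);  /* reads bounce, so it must precede the free */
    acb->cb(acb->opaque, ret);
    free(acb->bounce);
    free(acb);
}

/* Submit one vectored request; the bottom half QEMU defers to runs inline here. */
int emulated_aio_rw(struct iovec *iov, int niov, int is_write,
                    unsigned char *disk, completion_cb cb, void *opaque)
{
    aiocb_t *acb = calloc(1, sizeof *acb);
    if (!acb)
        return -1;
    *acb = (aiocb_t){ .iov = iov, .niov = niov, .is_write = is_write,
                      .cb = cb, .opaque = opaque };
    for (int i = 0; i < niov; i++)
        acb->size += iov[i].iov_len;
    if (!(acb->bounce = calloc(acb->size ? acb->size : 1, 1))) {
        free(acb);
        return -1;
    }
    if (is_write)
        bounce_copy(acb, 1);
    int ret = backend_rw(disk, acb->bounce, acb->size, is_write);
    aio_complete(acb, ret);
    return ret;
}

struct result { int ret; int completed; };
static void record_cb(void *opaque, int ret)
{
    *(struct result *)opaque = (struct result){ ret, 1 };
}

/* Write 7 bytes through 2 segments, read them back through 3; returns 1 if order held. */
int check_bounce_roundtrip(void)
{
    unsigned char disk[DISK_SIZE] = { 0 }, a[3] = { 1, 2, 3 }, b[4] = { 4, 5, 6, 7 };
    unsigned char x[2], y[4], z[1];
    struct iovec wr[2] = { { a, 3 }, { b, 4 } };
    struct iovec rd[3] = { { x, 2 }, { y, 4 }, { z, 1 } };
    struct result r = { 0, 0 };
    if (emulated_aio_rw(wr, 2, 1, disk, record_cb, &r) != 0 || !r.completed)
        return 0;
    if (emulated_aio_rw(rd, 3, 0, disk, record_cb, &r) != 0)
        return 0;
    return disk[6] == 7 && disk[7] == 0 && x[0] == 1 && x[1] == 2 &&
           y[0] == 3 && y[3] == 6 && z[0] == 7;
}
```

check_bounce_roundtrip() exercises both directions of the copy. Moving the free(acb->bounce) line above the scatter in aio_complete() recreates the ordering the patch removes, and a build with AddressSanitizer (-fsanitize=address) reports it as a heap-use-after-free on the first read, which is the cheapest way to catch a regression of this kind in a test run.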