* [Qemu-devel] Suspicious code in qcow2.
@ 2011-09-07 16:42 Frediano Ziglio
2011-09-08 8:07 ` Kevin Wolf
0 siblings, 1 reply; 2+ messages in thread
From: Frediano Ziglio @ 2011-09-07 16:42 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-devel
Actually it does not cause problems but this code order seems a bit
wrong to me (block/qcow2-cluster.c)
QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
/* allocate a new cluster */
cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
if (cluster_offset < 0) {
ret = cluster_offset;
goto fail;
}
/* save info needed for meta data update */
m->offset = offset;
m->n_start = n_start;
m->nb_clusters = nb_clusters;
current metadata (m) get inserted in cluster allocation list with
nb_clusters set to 0. Loop on cluster_allocs "ignore" (wait for this
allocation or just skip it depending on dirty data in offset field)
this metadata. Currently all occur in a CoMutex so this does not cause
problems but in case qcow2_alloc_clusters unlock the mutex it can
occur to insert two overlapping updates into cluster_allocs. Perhaps a
better order would be
/* save info needed for meta data update */
m->offset = offset;
m->n_start = n_start;
m->nb_clusters = nb_clusters;
QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
/* allocate a new cluster */
cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
if (cluster_offset < 0) {
ret = cluster_offset;
goto fail;
}
(tested successfully with iotests suite)
Frediano
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Qemu-devel] Suspicious code in qcow2.
2011-09-07 16:42 [Qemu-devel] Suspicious code in qcow2 Frediano Ziglio
@ 2011-09-08 8:07 ` Kevin Wolf
0 siblings, 0 replies; 2+ messages in thread
From: Kevin Wolf @ 2011-09-08 8:07 UTC (permalink / raw)
To: Frediano Ziglio; +Cc: qemu-devel
Am 07.09.2011 18:42, schrieb Frediano Ziglio:
> Actually it does not cause problems but this code order seems a bit
> wrong to me (block/qcow2-cluster.c)
>
>
> QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
>
> /* allocate a new cluster */
>
> cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
> if (cluster_offset < 0) {
> ret = cluster_offset;
> goto fail;
> }
>
> /* save info needed for meta data update */
> m->offset = offset;
> m->n_start = n_start;
> m->nb_clusters = nb_clusters;
>
>
> current metadata (m) get inserted in cluster allocation list with
> nb_clusters set to 0. Loop on cluster_allocs "ignore" (wait for this
> allocation or just skip it depending on dirty data in offset field)
> this metadata. Currently all occur in a CoMutex so this does not cause
> problems but in case qcow2_alloc_clusters unlock the mutex it can
> occur to insert two overlapping updates into cluster_allocs. Perhaps a
> better order would be
>
>
> /* save info needed for meta data update */
> m->offset = offset;
> m->n_start = n_start;
> m->nb_clusters = nb_clusters;
>
> QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
>
> /* allocate a new cluster */
>
> cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
> if (cluster_offset < 0) {
> ret = cluster_offset;
> goto fail;
> }
>
>
> (tested successfully with iotests suite)
Yes, that makes sense. Once we run this code without holding the
CoMutex, this becomes a real problem. Care to send a patch?
Kevin
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-09-08 8:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-07 16:42 [Qemu-devel] Suspicious code in qcow2 Frediano Ziglio
2011-09-08 8:07 ` Kevin Wolf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).