From: Paolo Bonzini
Date: Sun, 19 Aug 2012 15:11:14 +0200
Message-ID: <5030E5F2.7060903@redhat.com>
In-Reply-To: <50309BEE.3090602@profihost.ag>
References: <1345326543-10677-1-git-send-email-pbonzini@redhat.com> <50309BEE.3090602@profihost.ag>
Subject: Re: [Qemu-devel] [PATCH RFT 0/3] iscsi: fix NULL dereferences / races between task completion and abort
To: Stefan Priebe
Cc: qemu-devel@nongnu.org, ronniesahlberg@gmail.com

On 19/08/2012 09:55, Stefan Priebe wrote:
> Hi Paolo,
>
> On 18.08.2012 23:49, Paolo Bonzini wrote:
>> Hi Stefan,
>>
>> this is my version of your patch. I think the flow of the code is a
>> bit simpler (or at least matches other implementations of cancellation).
>> Can you test it on your test case?
> I'm really sorry but your patch doesn't work at all. I'm not even able
> to start the VM. KVM process hangs and never detaches itself.

No problem, my fault---I'm just back and I haven't really started again
all my stuff, so the patch was not tested.

This should fix it, though.

Paolo

diff --git a/block/iscsi.c b/block/iscsi.c
index 74ada64..0b96165 100644
--- a/block/iscsi.c +++ b/block/iscsi.c @@ -247,6 +247,7 @@ iscsi_aio_writev(BlockDriverState *bs, int64_t sector_num, acb->qiov = qiov; acb->canceled = 0; + acb->bh = NULL; acb->status = -EINPROGRESS; /* XXX we should pass the iovec to write16 to avoid the extra copy */ @@ -341,6 +342,7 @@ iscsi_aio_readv(BlockDriverState *bs, int64_t sector_num, acb->qiov = qiov; acb->canceled = 0; + acb->bh = NULL; acb->status = -EINPROGRESS; acb->read_size = qemu_read_size; acb->buf = NULL; @@ -442,6 +444,7 @@ iscsi_aio_flush(BlockDriverState *bs, acb->iscsilun = iscsilun; acb->canceled = 0; + acb->bh = NULL; acb->status = -EINPROGRESS; acb->task = iscsi_synchronizecache10_task(iscsi, iscsilun->lun, @@ -494,6 +497,7 @@ iscsi_aio_discard(BlockDriverState *bs, acb->iscsilun = iscsilun; acb->canceled = 0; + acb->bh = NULL; acb->status = -EINPROGRESS; list[0].lba = sector_qemu2lun(sector_num, iscsilun); @@ -568,6 +572,7 @@ static BlockDriverAIOCB *iscsi_aio_ioctl(BlockDriverState *bs, acb->iscsilun = iscsilun; acb->canceled = 0; + acb->bh = NULL; acb->status = -EINPROGRESS; acb->buf = NULL; acb->ioh = buf;
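Review bot: the same three-line initialization (`acb->canceled = 0;`, `acb->bh = NULL;`, `acb->status = -EINPROGRESS;`) is now hand-copied into all five request paths (iscsi_aio_writev, iscsi_aio_readv, iscsi_aio_flush, iscsi_aio_discard, iscsi_aio_ioctl), and the reply above shows what happens when one field is missed: a hang at VM start. Consider factoring the common setup into one helper called right after the acb is allocated, or zeroing the acb at allocation, so a future AIO path cannot reintroduce an uninitialized `bh`.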
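Review bot: nothing in the hunks or the accompanying text says which reader of `acb->bh` depends on it being NULL until a completion bottom half is scheduled, yet that is the invariant the "completion vs. abort" race fix in this series relies on. A one-line comment next to `acb->bh = NULL;` in the first hunk (or a sentence in the commit message) naming that reader and the meaning of NULL would let a reviewer check that every path which sets `bh` also clears it.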