From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=33198 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Pv5WT-00039D-OS
	for qemu-devel@nongnu.org; Thu, 03 Mar 2011 05:12:42 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Pv5WS-0006Ly-L6
	for qemu-devel@nongnu.org; Thu, 03 Mar 2011 05:12:41 -0500
Received: from mail-vx0-f173.google.com ([209.85.220.173]:40878)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Pv5WS-0006Ll-GP
	for qemu-devel@nongnu.org; Thu, 03 Mar 2011 05:12:40 -0500
Received: by vxb41 with SMTP id 41so895773vxb.4
	for <qemu-devel@nongnu.org>; Thu, 03 Mar 2011 02:12:40 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <20110302150422.GA13257@us.ibm.com>
References: <20110302150422.GA13257@us.ibm.com>
Date: Thu, 3 Mar 2011 10:12:39 +0000
Message-ID: <AANLkTik_Fu=asjFSBSEijDFs1yMBexGy200k-7g-oGVt@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH] Don't allow multiwrites against a block
	device without underlying medium
From: Stefan Hajnoczi <stefanha@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ryan Harper <ryanh@us.ibm.com>
Cc: qemu-devel@nongnu.org

On Wed, Mar 2, 2011 at 3:04 PM, Ryan Harper <ryanh@us.ibm.com> wrote:
> If the block device has been closed, we no longer have a medium to submit
> IO against, check for this before submitting io. =A0This prevents a segfa=
ult
> further in the code where we dereference elements of the block driver.
>
> Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
> ---
> =A0block.c | =A0 =A05 +++++
> =A01 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/block.c b/block.c
> index 92dd3fe..534e1bc 100644
> --- a/block.c
> +++ b/block.c
> @@ -2407,6 +2407,11 @@ int bdrv_aio_multiwrite(BlockDriverState *bs, Bloc=
kRequest *reqs, int num_reqs)
> =A0 =A0 =A0 =A0 return 0;
> =A0 =A0 }
>
> + =A0 =A0/* don't submit writes if we don't have a medium */
> + =A0 =A0if (bs->drv =3D=3D NULL) {
> + =A0 =A0 =A0 return -1;
> + =A0 =A0}
> +

Most other bdrv_*() calls will error out immediately if !bs->drv.
Here you check only after returning success for num_reqs =3D=3D 0.  I
don't think it makes a huge difference and can see how these semantics
are handy (saves caller checking for num_reqs =3D=3D 0), but I wanted to
point it out.

More importantly, we're not obeying the contract of this function
here.  reqs[].error must be set to -ENOMEDIUM before returning -1.
Otherwise the caller thinks that reqs[] callbacks will still be
invoked in the future and cannot complete those requests.

Stefan