Re: [Qemu-devel] [PATCH 1/3] nbd-client: enter read_reply_co during init to avoid crash

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Paolo Bonzini <pbonzini@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Eric Blake <eblake@redhat.com>,
	qemu-block@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 1/3] nbd-client: enter read_reply_co during init to avoid crash
Date: Thu, 24 Aug 2017 18:21:50 +0200	[thread overview]
Message-ID: <a839e5fa-0495-902c-5a20-6592ab07bb9e@redhat.com> (raw)
In-Reply-To: <20170824153345.2244-2-stefanha@redhat.com>

On 24/08/2017 17:33, Stefan Hajnoczi wrote:
> This patch enters read_reply_co directly in
> nbd_client_attach_aio_context().  This is safe because new_context is
> acquired by the caller.  This ensures that read_reply_co reaches its
> first yield point and its ctx is set up.

I'm not very confident with this patch.  aio_context_acquire/release is
going to go away, and this then becomes possible

	main context			new_context
	qemu_aio_coroutine_enter
					send request
					wait for reply
	read first reply
	wake coroutine

where the "wake coroutine" part thinks it's running in new_context, and
thus simply enters the coroutine instead of using the bottom half.

But blk_co_preadv() should need the read_reply_co itself, in order to be
woken up after reading the reply header.  The core issue here is that
nbd_co_receive_reply was never called, I suspect.  And if it was never
called, read_reply_co should not be woken up by nbd_coroutine_end.

So the fix is:

1) assign NULL to s->recv_coroutine[i] when nbd_co_send_request fails

2) move this to nbd_co_receive_reply:

    s->recv_coroutine[i] = NULL;

    /* Kick the read_reply_co to get the next reply.  */
    if (s->read_reply_co) {
        aio_co_wake(s->read_reply_co);
    }

Does this make sense?  (Note that the read_reply_co idea actually came
from you, or from my recollections of your proposed design :)).

Paolo

> Note this only happens with UNIX domain sockets on Linux.  It doesn't
> seem possible to reproduce this with TCP sockets.
> 
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  block/nbd-client.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/block/nbd-client.c b/block/nbd-client.c
> index 25bcaa2346..0a7f32779e 100644
> --- a/block/nbd-client.c
> +++ b/block/nbd-client.c
> @@ -371,7 +371,7 @@ void nbd_client_attach_aio_context(BlockDriverState *bs,
>  {
>      NBDClientSession *client = nbd_get_client_session(bs);
>      qio_channel_attach_aio_context(QIO_CHANNEL(client->ioc), new_context);
> -    aio_co_schedule(new_context, client->read_reply_co);
> +    qemu_aio_coroutine_enter(new_context, client->read_reply_co);
>  }

next prev parent reply	other threads:[~2017-08-24 16:22 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-24 15:33 [Qemu-devel] [PATCH 0/3] nbd-client: enter read_reply_co during init to avoid crash Stefan Hajnoczi
2017-08-24 15:33 ` [Qemu-devel] [PATCH 1/3] " Stefan Hajnoczi
2017-08-24 16:21   ` Paolo Bonzini [this message]
2017-08-24 17:37     ` Eric Blake
2017-08-24 17:42       ` Paolo Bonzini
2017-08-25 15:57         ` Vladimir Sementsov-Ogievskiy
2017-08-25 10:40     ` [Qemu-devel] [Qemu-block] " Stefan Hajnoczi
2017-08-24 15:33 ` [Qemu-devel] [PATCH 2/3] qemu-iotests: improve nbd-fault-injector.py startup protocol Stefan Hajnoczi
2017-08-24 17:39   ` Eric Blake
2017-08-24 15:33 ` [Qemu-devel] [PATCH 3/3] qemu-iotests: test NBD over UNIX domain sockets in 083 Stefan Hajnoczi
2017-08-24 17:45   ` Eric Blake
2017-08-24 15:52 ` [Qemu-devel] [PATCH 0/3] nbd-client: enter read_reply_co during init to avoid crash Eric Blake
2017-08-24 16:05   ` [Qemu-devel] [Qemu-block] " Stefan Hajnoczi
2017-08-25 15:08     ` Eric Blake
2017-08-25 20:33       ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a839e5fa-0495-902c-5a20-6592ab07bb9e@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=eblake@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).