From: Max Reitz <mreitz@redhat.com>
To: Maxim Levitsky <mlevitsk@redhat.com>, qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-stable@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH v2 6/7] curl: Handle success in multi_check_completion
Date: Fri, 13 Sep 2019 13:20:02 +0200 [thread overview]
Message-ID: <cd6879cf-222d-ea48-0bb7-49d0fc455374@redhat.com> (raw)
In-Reply-To: <b3a81eca84577a0524bd1be8366852e2801a65f1.camel@redhat.com>
[-- Attachment #1.1: Type: text/plain, Size: 6170 bytes --]
On 10.09.19 18:13, Maxim Levitsky wrote:
> On Tue, 2019-09-10 at 14:41 +0200, Max Reitz wrote:
>> Background: As of cURL 7.59.0, it verifies that several functions are
>> not called from within a callback. Among these functions is
>> curl_multi_add_handle().
>>
>> curl_read_cb() is a callback from cURL and not a coroutine. Waking up
>> acb->co will lead to entering it then and there, which means the current
>> request will settle and the caller (if it runs in the same coroutine)
>> may then issue the next request. In such a case, we will enter
>> curl_setup_preadv() effectively from within curl_read_cb().
>>
>> Calling curl_multi_add_handle() will then fail and the new request will
>> not be processed.
>>
>> Fix this by not letting curl_read_cb() wake up acb->co. Instead, leave
>> the whole business of settling the AIOCB objects to
>> curl_multi_check_completion() (which is called from our timer callback
>> and our FD handler, so not from any cURL callbacks).
>>
>> Reported-by: Natalie Gavrielov <ngavrilo@redhat.com>
>> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1740193
>> Cc: qemu-stable@nongnu.org
>> Signed-off-by: Max Reitz <mreitz@redhat.com>
>> ---
>> block/curl.c | 69 ++++++++++++++++++++++------------------------------
>> 1 file changed, 29 insertions(+), 40 deletions(-)
>>
>> diff --git a/block/curl.c b/block/curl.c
>> index fd70f1ebc4..c343c7ed3d 100644
>> --- a/block/curl.c
>> +++ b/block/curl.c
>> @@ -229,7 +229,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
>> {
>> CURLState *s = ((CURLState*)opaque);
>> size_t realsize = size * nmemb;
>> - int i;
>>
>> trace_curl_read_cb(realsize);
>>
>> @@ -245,32 +244,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
>> memcpy(s->orig_buf + s->buf_off, ptr, realsize);
>> s->buf_off += realsize;
>>
>> - for(i=0; i<CURL_NUM_ACB; i++) {
>> - CURLAIOCB *acb = s->acb[i];
>> -
>> - if (!acb)
>> - continue;
>> -
>> - if ((s->buf_off >= acb->end)) {
>> - size_t request_length = acb->bytes;
>> -
>> - qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start,
>> - acb->end - acb->start);
>> -
>> - if (acb->end - acb->start < request_length) {
>> - size_t offset = acb->end - acb->start;
>> - qemu_iovec_memset(acb->qiov, offset, 0,
>> - request_length - offset);
>> - }
>> -
>> - acb->ret = 0;
>> - s->acb[i] = NULL;
>> - qemu_mutex_unlock(&s->s->mutex);
>> - aio_co_wake(acb->co);
>> - qemu_mutex_lock(&s->s->mutex);
>> - }
>> - }
>> -
>> read_end:
>> /* curl will error out if we do not return this value */
>> return size * nmemb;
>> @@ -351,13 +324,14 @@ static void curl_multi_check_completion(BDRVCURLState *s)
>> break;
>>
>> if (msg->msg == CURLMSG_DONE) {
>> + int i;
>> CURLState *state = NULL;
>> + bool error = msg->data.result != CURLE_OK;
>> +
>> curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE,
>> (char **)&state);
>>
>> - /* ACBs for successful messages get completed in curl_read_cb */
>> - if (msg->data.result != CURLE_OK) {
>> - int i;
>> + if (error) {
>> static int errcount = 100;
>>
>> /* Don't lose the original error message from curl, since
>> @@ -369,20 +343,35 @@ static void curl_multi_check_completion(BDRVCURLState *s)
>> error_report("curl: further errors suppressed");
>> }
>> }
>> + }
>>
>> - for (i = 0; i < CURL_NUM_ACB; i++) {
>> - CURLAIOCB *acb = state->acb[i];
>> + for (i = 0; i < CURL_NUM_ACB; i++) {
>> + CURLAIOCB *acb = state->acb[i];
>>
>> - if (acb == NULL) {
>> - continue;
>> - }
>> + if (acb == NULL) {
>> + continue;
>> + }
>> +
>> + if (!error) {
>> + /* Assert that we have read all data */
>> + assert(state->buf_off >= acb->end);
>> +
>> + qemu_iovec_from_buf(acb->qiov, 0,
>> + state->orig_buf + acb->start,
>> + acb->end - acb->start);
>>
>> - acb->ret = -EIO;
>> - state->acb[i] = NULL;
>> - qemu_mutex_unlock(&s->mutex);
>> - aio_co_wake(acb->co);
>> - qemu_mutex_lock(&s->mutex);
>> + if (acb->end - acb->start < acb->bytes) {
>> + size_t offset = acb->end - acb->start;
>> + qemu_iovec_memset(acb->qiov, offset, 0,
>> + acb->bytes - offset);
>> + }
> Original code was memsetting the tail of the buffer before waking up the coroutine.
> Is this change intended?
>
> aio_co_wake doesn't enter the co-routine if already in coroutine, but
> I think that this is an aio fd handler with isn't run in co-routine itself,
> so the callback could run with not yet ready data.
(Sorry, I don’t know why I forgot to reply.)
I don’t see how anything changes. aio_co_wake() is still called after
the qemu_iovec_memset().
Max
>> }
>> +
>> + acb->ret = error ? -EIO : 0;
>> + state->acb[i] = NULL;
>> + qemu_mutex_unlock(&s->mutex);
>> + aio_co_wake(acb->co);
>> + qemu_mutex_lock(&s->mutex);
>> }
>>
>> curl_clean_state(state);
>
>
> Best regards,
> Maxim Levitsky
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2019-09-13 11:21 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-10 12:41 [Qemu-devel] [PATCH v2 0/7] block/curl: Fix hang and potential crash Max Reitz
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 1/7] curl: Keep pointer to the CURLState in CURLSocket Max Reitz
2019-09-10 16:11 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 2/7] curl: Keep *socket until the end of curl_sock_cb() Max Reitz
2019-09-10 16:11 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-10 21:19 ` [Qemu-devel] " John Snow
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 3/7] curl: Check completion in curl_multi_do() Max Reitz
2019-09-10 16:11 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-11 1:16 ` John Snow
2019-09-11 6:51 ` Max Reitz
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 4/7] curl: Pass CURLSocket to curl_multi_do() Max Reitz
2019-09-10 16:12 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 5/7] curl: Report only ready sockets Max Reitz
2019-09-10 16:12 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 6/7] curl: Handle success in multi_check_completion Max Reitz
2019-09-10 16:13 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-13 11:20 ` Max Reitz [this message]
2019-09-13 11:47 ` Maxim Levitsky
2019-09-10 12:41 ` [Qemu-devel] [PATCH v2 7/7] curl: Check curl_multi_add_handle()'s return code Max Reitz
2019-09-10 16:13 ` [Qemu-devel] [Qemu-block] " Maxim Levitsky
2019-09-11 1:23 ` [Qemu-devel] [PATCH v2 0/7] block/curl: Fix hang and potential crash John Snow
2019-09-13 11:48 ` Max Reitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cd6879cf-222d-ea48-0bb7-49d0fc455374@redhat.com \
--to=mreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).