首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 123

KMF/qemu

forked from src-openEuler/qemu 
代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
blockjob-update-nodes-head-while-removing-all-bdrv.patch 2.08 KB
一键复制 编辑 原始数据 按行查看 历史
dogsheng 提交于 2019-12-25 16:06 . Package init
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
From b9405afb0956fe2c293a94bdc4440579e5c0efee Mon Sep 17 00:00:00 2001

From: Sergio Lopez <slp@redhat.com>

Date: Wed, 11 Sep 2019 12:03:16 +0200

Subject: [PATCH] blockjob: update nodes head while removing all bdrv



block_job_remove_all_bdrv() iterates through job->nodes, calling

bdrv_root_unref_child() for each entry. The call to the latter may

reach child_job_[can_]set_aio_ctx(), which will also attempt to

traverse job->nodes, potentially finding entries that where freed

on previous iterations.



To avoid this situation, update job->nodes head on each iteration to

ensure that already freed entries are no longer linked to the list.



RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1746631

Signed-off-by: Sergio Lopez <slp@redhat.com>

Cc: qemu-stable@nongnu.org

Signed-off-by: Max Reitz <mreitz@redhat.com>

Message-id: 20190911100316.32282-1-mreitz@redhat.com

Reviewed-by: Sergio Lopez <slp@redhat.com>

Signed-off-by: Max Reitz <mreitz@redhat.com>

(cherry picked from commit d876bf676f5e7c6aa9ac64555e48cba8734ecb2f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

---

 blockjob.c | 17 +++++++++++++----

 1 file changed, 13 insertions(+), 4 deletions(-)



diff --git a/blockjob.c b/blockjob.c

index 730101d282..d770144fd6 100644

--- a/blockjob.c

+++ b/blockjob.c

@@ -193,14 +193,23 @@ static const BdrvChildRole child_job = {

 

 void block_job_remove_all_bdrv(BlockJob *job)

 {

-    GSList *l;

-    for (l = job->nodes; l; l = l->next) {

+    /*

+     * bdrv_root_unref_child() may reach child_job_[can_]set_aio_ctx(),

+     * which will also traverse job->nodes, so consume the list one by

+     * one to make sure that such a concurrent access does not attempt

+     * to process an already freed BdrvChild.

+     */

+    while (job->nodes) {

+        GSList *l = job->nodes;

         BdrvChild *c = l->data;

+

+        job->nodes = l->next;

+

         bdrv_op_unblock_all(c->bs, job->blocker);

         bdrv_root_unref_child(c);

+

+        g_slist_free_1(l);

     }

-    g_slist_free(job->nodes);

-    job->nodes = NULL;

 }

 

 int block_job_add_bdrv(BlockJob *job, const char *name, BlockDriverState *bs,

-- 

2.19.1
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化