[pve-devel] [PATCH] fix another aio bug 0001-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch
Dietmar Maurer
dietmar at proxmox.com
Wed Jun 11 09:13:51 CEST 2014
applied, thanks
> -----Original Message-----
> From: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] On Behalf Of
> Stefan Priebe
> Sent: Donnerstag, 05. Juni 2014 08:20
> To: pve-devel at pve.proxmox.com
> Subject: [pve-devel] [PATCH] fix another aio bug 0001-aio-fix-
> qemu_bh_schedule-bh-ctx-race-condition.patch
>
>
> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
> ---
> ...ix-qemu_bh_schedule-bh-ctx-race-condition.patch | 55
> ++++++++++++++++++++
> debian/patches/series | 1 +
> 2 files changed, 56 insertions(+)
> create mode 100644 debian/patches/0001-aio-fix-qemu_bh_schedule-bh-ctx-
> race-condition.patch
>
> diff --git a/debian/patches/0001-aio-fix-qemu_bh_schedule-bh-ctx-race-
> condition.patch b/debian/patches/0001-aio-fix-qemu_bh_schedule-bh-ctx-race-
> condition.patch
> new file mode 100644
> index 0000000..a01765b
> --- /dev/null
> +++ b/debian/patches/0001-aio-fix-qemu_bh_schedule-bh-ctx-race-condition
> +++ .patch
> @@ -0,0 +1,55 @@
> +From 4535f739edfdea392e381811963823bf05649e42 Mon Sep 17 00:00:00
> 2001
> +From: Stefan Hajnoczi <stefanha at redhat.com>
> +Date: Tue, 3 Jun 2014 11:21:01 +0200
> +Subject: [PATCH] aio: fix qemu_bh_schedule() bh->ctx race condition
> +
> +qemu_bh_schedule() is supposed to be thread-safe at least the first
> +time it is called. Unfortunately this is not quite true:
> +
> + bh->scheduled = 1;
> + aio_notify(bh->ctx);
> +
> +Since another thread may run the BH callback once it has been
> +scheduled, there is a race condition if the callback frees the BH
> +before
> +aio_notify(bh->ctx) has a chance to run.
> +
> +Reported-by: Stefan Priebe <s.priebe at profihost.ag>
> +Signed-off-by: Stefan Hajnoczi <stefanha at redhat.com>
> +Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
> +---
> + async.c | 14 ++++++++++----
> + 1 file changed, 10 insertions(+), 4 deletions(-)
> +
> +diff --git a/async.c b/async.c
> +index 6930185..5b6fe6b 100644
> +--- a/async.c
> ++++ b/async.c
> +@@ -117,15 +117,21 @@ void qemu_bh_schedule_idle(QEMUBH *bh)
> +
> + void qemu_bh_schedule(QEMUBH *bh)
> + {
> ++ AioContext *ctx;
> ++
> + if (bh->scheduled)
> + return;
> ++ ctx = bh->ctx;
> + bh->idle = 0;
> +- /* Make sure that idle & any writes needed by the callback are done
> +- * before the locations are read in the aio_bh_poll.
> ++ /* Make sure that:
> ++ * 1. idle & any writes needed by the callback are done before the
> ++ * locations are read in the aio_bh_poll.
> ++ * 2. ctx is loaded before scheduled is set and the callback has a chance
> ++ * to execute.
> + */
> +- smp_wmb();
> ++ smp_mb();
> + bh->scheduled = 1;
> +- aio_notify(bh->ctx);
> ++ aio_notify(ctx);
> + }
> +
> +
> +--
> +1.7.10.4
> +
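Review bot: the change from smp_wmb() to smp_mb() is the load-bearing part of the qemu_bh_schedule() hunk and deserves a sentence in the patch header, which currently only explains why ctx is copied into a local. A write barrier orders the earlier stores (bh->idle) before the store to bh->scheduled, but it does not stop the load of bh->ctx from being reordered after that store by the compiler or by a weakly ordered CPU; once scheduled is set, the callback running in another thread may free the BH, so a late load of bh->ctx reads freed memory. The full barrier keeps `ctx = bh->ctx;` ahead of `bh->scheduled = 1;`, and `aio_notify(ctx);` then never touches bh again. Consider also recording the upstream commit or mailing-list reference this backport was taken from next to the From/Date lines, so the entry can be dropped from debian/patches/series once the packaged QEMU carries the fix.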
> diff --git a/debian/patches/series b/debian/patches/series index
> 3dc1c11..926211a 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -26,3 +26,4 @@ internal-snapshot-async.patch disable-efi-enable-pxe-
> roms.patch backup-vma-allow-empty-backups.patch
> 0001-aio-Fix-use-after-free-in-cancellation-path.patch
> +0001-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch
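Review bot: the new series entry keeps the 0001- prefix that git format-patch generates and now sits directly after 0001-aio-Fix-use-after-free-in-cancellation-path.patch, so two unrelated patches share the same sequence number while the rest of the series (internal-snapshot-async.patch, backup-vma-allow-empty-backups.patch) uses plain descriptive names. Consider dropping the numeric prefix, or numbering both aio patches so the order they must apply in is visible from the file names; appending at the end of the series is correct, since this fix has to apply on top of the earlier aio fix.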
> --
> 1.7.10.4
>