rpms / qemu-kvm

Clone
Source Code
GIT

Blame SOURCES/kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-stream-rhel c9 c9-beta
  1.   c8-stream-rhel
  2.   SOURCES
  3.   kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch
Blob History Raw
97168e 
From df836ee4b4e2a69cca5042a3a9daf2c41dc2aa58 Mon Sep 17 00:00:00 2001
97168e 
From: Stefan Hajnoczi <stefanha@redhat.com>
97168e 
Date: Tue, 21 Feb 2023 16:22:16 -0500
97168e 
Subject: [PATCH 11/13] scsi: protect req->aiocb with AioContext lock
97168e
97168e 
RH-Author: Stefan Hajnoczi <stefanha@redhat.com>
97168e 
RH-MergeRequest: 264: scsi: protect req->aiocb with AioContext lock
97168e 
RH-Bugzilla: 2090990
97168e 
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
97168e 
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
97168e 
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
97168e 
RH-Commit: [1/3] e6a6d4109713e0fd6d6c515535c66196fea98688
97168e
97168e 
If requests are being processed in the IOThread when a SCSIDevice is
97168e 
unplugged, scsi_device_purge_requests() -> scsi_req_cancel_async() races
97168e 
with I/O completion callbacks. Both threads load and store req->aiocb.
97168e 
This can lead to assert(r->req.aiocb == NULL) failures and undefined
97168e 
behavior.
97168e
97168e 
Protect r->req.aiocb with the AioContext lock to prevent the race.
97168e
97168e 
Reviewed-by: Eric Blake <eblake@redhat.com>
97168e 
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
97168e 
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
97168e 
Message-Id: <20230221212218.1378734-2-stefanha@redhat.com>
97168e 
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
97168e 
(cherry picked from commit 7b7fc3d0102dafe8eb44802493036a526e921a71)
97168e 
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
97168e 
---
97168e 
 hw/scsi/scsi-disk.c    | 23 ++++++++++++++++-------
97168e 
 hw/scsi/scsi-generic.c | 11 ++++++-----
97168e 
 2 files changed, 22 insertions(+), 12 deletions(-)
97168e
97168e 
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
97168e 
index d4914178ea..179ce22c4a 100644
97168e 
--- a/hw/scsi/scsi-disk.c
97168e 
+++ b/hw/scsi/scsi-disk.c
97168e 
@@ -270,9 +270,11 @@ static void scsi_aio_complete(void *opaque, int ret)
97168e 
     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     if (scsi_disk_req_check_error(r, ret, true)) {
97168e 
         goto done;
97168e 
     }
97168e 
@@ -354,10 +356,11 @@ static void scsi_dma_complete(void *opaque, int ret)
97168e 
     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
     if (ret < 0) {
97168e 
         block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
97168e 
     } else {
97168e 
@@ -390,10 +393,11 @@ static void scsi_read_complete(void *opaque, int ret)
97168e 
     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
     if (ret < 0) {
97168e 
         block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
97168e 
     } else {
97168e 
@@ -443,10 +447,11 @@ static void scsi_do_read_cb(void *opaque, int ret)
97168e 
     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert (r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
     if (ret < 0) {
97168e 
         block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
97168e 
     } else {
97168e 
@@ -527,10 +532,11 @@ static void scsi_write_complete(void * opaque, int ret)
97168e 
     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert (r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
     if (ret < 0) {
97168e 
         block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
97168e 
     } else {
97168e 
@@ -1659,10 +1665,11 @@ static void scsi_unmap_complete(void *opaque, int ret)
97168e 
     SCSIDiskReq *r = data->r;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
     if (scsi_disk_req_check_error(r, ret, true)) {
97168e 
         scsi_req_unref(&r->req);
97168e 
         g_free(data);
97168e 
@@ -1738,9 +1745,11 @@ static void scsi_write_same_complete(void *opaque, int ret)
97168e 
     SCSIDiskReq *r = data->r;
97168e 
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e 
-    aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
97168e 
+
97168e 
     if (scsi_disk_req_check_error(r, ret, true)) {
97168e 
         goto done;
97168e 
     }
97168e 
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
97168e 
index 3742899839..a1a40df64b 100644
97168e 
--- a/hw/scsi/scsi-generic.c
97168e 
+++ b/hw/scsi/scsi-generic.c
97168e 
@@ -111,10 +111,11 @@ static void scsi_command_complete(void *opaque, int ret)
97168e 
     SCSIGenericReq *r = (SCSIGenericReq *)opaque;
97168e 
     SCSIDevice *s = r->req.dev;
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->conf.blk));
97168e 
     scsi_command_complete_noio(r, ret);
97168e 
     aio_context_release(blk_get_aio_context(s->conf.blk));
97168e 
 }
97168e 
@@ -269,11 +270,11 @@ static void scsi_read_complete(void * opaque, int ret)
97168e 
     SCSIDevice *s = r->req.dev;
97168e 
     int len;
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->conf.blk));
97168e 
-
97168e 
     if (ret || r->req.io_canceled) {
97168e 
         scsi_command_complete_noio(r, ret);
97168e 
         goto done;
97168e 
@@ -387,11 +388,11 @@ static void scsi_write_complete(void * opaque, int ret)
97168e
97168e 
     trace_scsi_generic_write_complete(ret);
97168e
97168e 
+    aio_context_acquire(blk_get_aio_context(s->conf.blk));
97168e 
+
97168e 
     assert(r->req.aiocb != NULL);
97168e 
     r->req.aiocb = NULL;
97168e
97168e 
-    aio_context_acquire(blk_get_aio_context(s->conf.blk));
97168e 
-
97168e 
     if (ret || r->req.io_canceled) {
97168e 
         scsi_command_complete_noio(r, ret);
97168e 
         goto done;
97168e 
--
97168e 
2.37.3
97168e

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation