GET /api/1.1/covers/2225045/?format=api
{ "id": 2225045, "url": "http://patchwork.ozlabs.org/api/1.1/covers/2225045/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/cover/20260420100655.3318452-1-den@openvz.org/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.1/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260420100655.3318452-1-den@openvz.org>", "date": "2026-04-20T10:06:53", "name": "[hci-8.0,0/1] block/linux-aio: fix reproducible SIGSEGV from unbounded ioq_submit() recursion", "submitter": { "id": 71296, "url": "http://patchwork.ozlabs.org/api/1.1/people/71296/?format=api", "name": "Denis V. Lunev\" via qemu development", "email": "qemu-devel@nongnu.org" }, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/cover/20260420100655.3318452-1-den@openvz.org/mbox/", "series": [ { "id": 500587, "url": "http://patchwork.ozlabs.org/api/1.1/series/500587/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=500587", "date": "2026-04-20T10:06:53", "name": "block/linux-aio: fix reproducible SIGSEGV from unbounded ioq_submit() recursion", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500587/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/2225045/comments/", "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n secure) header.d=virtuozzo.com header.i=@virtuozzo.com header.a=rsa-sha256\n header.s=relay header.b=Vl3ZIExU;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n 
envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzh5K42Zpz1yHr\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 20 Apr 2026 20:08:21 +1000 (AEST)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wElXo-0001mt-Iz; Mon, 20 Apr 2026 06:07:58 -0400", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <den@openvz.org>)\n id 1wElWy-0001g3-22; Mon, 20 Apr 2026 06:07:05 -0400", "from relay.virtuozzo.com ([130.117.225.111])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <den@openvz.org>)\n id 1wElWu-0000j3-PC; Mon, 20 Apr 2026 06:07:02 -0400", "from ch-demo-asa.virtuozzo.com ([130.117.225.8] helo=iris.sw.ru)\n by relay.virtuozzo.com with esmtp (Exim 4.96)\n (envelope-from <den@openvz.org>) id 1wElUE-007lFH-0R;\n Mon, 20 Apr 2026 12:06:47 +0200" ], "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n d=virtuozzo.com; s=relay; h=MIME-Version:Message-ID:Date:Subject:From:\n Content-Type; bh=pMGvy2zFiin+ZU8TdoW+2tV7tQOPHIfRfBdsSlKwizc=; b=Vl3ZIExUIWWF\n ojptat4EdQ89RS38irwoKsJ+1PgjER/9pbsQgF4TlFM+3jJsOhZmQOolClymYQ4WLbuCKv0jAFdci\n mfKvdxbgnFmHBqimnuhLoXtxRhrXlzpwpkILj5jBro15g5QeaQz79nZSsFuEtcJeL1tLjdGNFXc/l\n OO/WCiJiW896GYKzkEKbgpKwJb6755pQIamaSAKtL/PA4clYlBY/aLAklEHw+61WnvmIo2apVYFzg\n DOWiplQ1ykoJF1TDSsCpriVj+vpHlAZSKoT1lWmoRRNyEPoaGQWpW7RRl2M/JbEABmc+/11d3RXl8\n RhjYpFaK1JQZ+h3sxkX5zg==;", "To": "qemu-devel@nongnu.org,\n\tqemu-block@nongnu.org,\n\tqemu-stable@nongnu.org", "Cc": "kwolf@redhat.com, hreitz@redhat.com, 
stefanha@redhat.com,\n pbonzini@redhat.com, \"Denis V. Lunev\" <den@openvz.org>", "Subject": "[PATCH hci-8.0 0/1] block/linux-aio: fix reproducible SIGSEGV from\n unbounded ioq_submit() recursion", "Date": "Mon, 20 Apr 2026 12:06:53 +0200", "Message-ID": "<20260420100655.3318452-1-den@openvz.org>", "X-Mailer": "git-send-email 2.51.0", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Received-SPF": "softfail client-ip=130.117.225.111;\n envelope-from=den@openvz.org;\n helo=relay.virtuozzo.com", "X-Spam_score_int": "-34", "X-Spam_score": "-3.5", "X-Spam_bar": "---", "X-Spam_report": "(-3.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001,\n SPF_SOFTFAIL=0.665 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Reply-to": "\"Denis V. Lunev\" <den@openvz.org>", "From": "\"Denis V. Lunev\" via qemu development <qemu-devel@nongnu.org>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "Observed in production where a cached-I/O backup path was driven\nthrough aio=native, making io_submit(2) complete synchronously and\nclosing the recursion cycle. 
On the supported aio=native + cache=none\n+ qcow2 configuration the cycle stays bounded by accident rather than\nby construction; this patch bounds it explicitly.\n\nBisect:\n\n v8.1.0 (forward edge only) no crash / 20\n 84d61e5f36^ no crash / 20\n 84d61e5f36 (backward edge in) crash at attempt 17\n v8.2.0 crash at attempt 4\n master + this patch no crash / 80\n\nThe closing commit is 84d61e5f36 (\"virtio: use defer_call() in\nvirtio_irqfd_notify()\").\n\nNo iotest: crash rate is 6..17 per 20 on unpatched master; a formal\ntest would be flaky. The vmdk + aio=native + cache=none shape is\nnot otherwise exercised by the suite.\n\n--- gen-workload.py -----------------------------------------------\n#!/usr/bin/env python3\nimport random, sys\nREGION = 32 * 1024 * 1024\nCLUSTER = 64 * 1024\nSEED = 0xC0FFEE\ndef main(out):\n r = random.Random(SEED); ops = []\n for _ in range(10000):\n off = r.randrange(0, REGION - 4096) & ~4095\n ops.append(\"aio_write -q %d 4k\" % off)\n for i in range(10000):\n size, n = (\"64k\", 65536) if i < 5000 else (\"128k\", 131072)\n off = r.randrange(0, REGION - n) & ~(CLUSTER - 1)\n ops.append(\"aio_write -q -z -u %d %s\" % (off, size))\n r.shuffle(ops); ops.append(\"aio_flush\")\n open(out, \"w\").write(\"\\n\".join(ops) + \"\\n\")\nif __name__ == \"__main__\":\n main(sys.argv[1] if len(sys.argv) > 1 else \"t.cmds\")\n-------------------------------------------------------------------\n\n--- repro.sh ------------------------------------------------------\n#!/bin/bash\nset -u\nqimg=$1; qio=$2; label=$3; attempts=${4:-20}\ncmds=${5:-$(dirname \"$0\")/t.cmds}\nvmdk=/tmp/t.$label.vmdk; log=/tmp/repro_$label.log\n: > \"$log\"\nfor i in $(seq 1 \"$attempts\"); do\n rm -f \"$vmdk\"\n \"$qimg\" create -f vmdk \"$vmdk\" 256M >/dev/null 2>&1\n \"$qio\" -f vmdk -n --cache=none --aio=native \"$vmdk\" < \"$cmds\" \\\n >>\"$log\" 2>&1\n rc=$?\n [ $rc -ge 128 ] && { echo \"CRASH attempt $i rc=$rc\" >>\"$log\"; break; }\ndone\necho \"DONE $label rc=$rc 
attempt=$i\" >> \"$log\"\n-------------------------------------------------------------------\n\n python3 gen-workload.py t.cmds\n ./repro.sh /path/to/qemu-img /path/to/qemu-io test 20\n\nNotes:\n\n * IOQ_SUBMIT_MAX_DEPTH = 8. Round headroom over the bounded depth\n of the supported async-completion path.\n * Per-thread __thread counter, matching util/defer-call.c's storage.\n A per-LinuxAioState field would let multiple devices on one\n thread recurse independently.\n\nDenis V. Lunev (1):\n block/linux-aio: bound ioq_submit() recursion depth\n\n block/linux-aio.c | 23 +++++++++++++++++++++++\n 1 file changed, 23 insertions(+)\n\nSigned-off-by: Denis V. Lunev <den@openvz.org>\nCC: Kevin Wolf <kwolf@redhat.com>\nCC: Hanna Reitz <hreitz@redhat.com>\nCC: Stefan Hajnoczi <stefanha@redhat.com>\nCC: Paolo Bonzini <pbonzini@redhat.com>\n--\n2.51.0" }