Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 807080,
    "url": "http://patchwork.ozlabs.org/api/patches/807080/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20170829122745.14309-2-stefanha@redhat.com/",
    "project": {
        "id": 14,
        "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api",
        "name": "QEMU Development",
        "link_name": "qemu-devel",
        "list_id": "qemu-devel.nongnu.org",
        "list_email": "qemu-devel@nongnu.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20170829122745.14309-2-stefanha@redhat.com>",
    "list_archive_url": null,
    "date": "2017-08-29T12:27:43",
    "name": "[v2,1/3] nbd-client: avoid read_reply_co entry if send failed",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "1b126bc77adce028fda3099e3f0c36a237bfbea7",
    "submitter": {
        "id": 17227,
        "url": "http://patchwork.ozlabs.org/api/people/17227/?format=api",
        "name": "Stefan Hajnoczi",
        "email": "stefanha@redhat.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20170829122745.14309-2-stefanha@redhat.com/mbox/",
    "series": [
        {
            "id": 359,
            "url": "http://patchwork.ozlabs.org/api/series/359/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=359",
            "date": "2017-08-29T12:27:42",
            "name": "nbd-client: enter read_reply_co during init to avoid crash",
            "version": 2,
            "mbox": "http://patchwork.ozlabs.org/series/359/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/807080/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/807080/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org",
        "Authentication-Results": [
            "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)",
            "ext-mx02.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com",
            "ext-mx02.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=stefanha@redhat.com"
        ],
        "Received": [
            "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhSfp58PKz9sNc\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 29 Aug 2017 22:31:14 +1000 (AEST)",
            "from localhost ([::1]:44718 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dmffk-0007ot-Kg\n\tfor incoming@patchwork.ozlabs.org; Tue, 29 Aug 2017 08:31:12 -0400",
            "from eggs.gnu.org ([2001:4830:134:3::10]:43065)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <stefanha@redhat.com>) id 1dmfcf-0005Ze-Kx\n\tfor qemu-devel@nongnu.org; Tue, 29 Aug 2017 08:28:07 -0400",
            "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <stefanha@redhat.com>) id 1dmfce-0002kS-G1\n\tfor qemu-devel@nongnu.org; Tue, 29 Aug 2017 08:28:01 -0400",
            "from mx1.redhat.com ([209.132.183.28]:18537)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <stefanha@redhat.com>)\n\tid 1dmfcb-0002ih-Bo; Tue, 29 Aug 2017 08:27:57 -0400",
            "from smtp.corp.redhat.com\n\t(int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 4EA1780C03;\n\tTue, 29 Aug 2017 12:27:56 +0000 (UTC)",
            "from localhost (ovpn-117-175.ams2.redhat.com [10.36.117.175])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 4F33970651;\n\tTue, 29 Aug 2017 12:27:52 +0000 (UTC)"
        ],
        "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com 4EA1780C03",
        "From": "Stefan Hajnoczi <stefanha@redhat.com>",
        "To": "<qemu-devel@nongnu.org>",
        "Date": "Tue, 29 Aug 2017 13:27:43 +0100",
        "Message-Id": "<20170829122745.14309-2-stefanha@redhat.com>",
        "In-Reply-To": "<20170829122745.14309-1-stefanha@redhat.com>",
        "References": "<20170829122745.14309-1-stefanha@redhat.com>",
        "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.12",
        "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.26]);\n\tTue, 29 Aug 2017 12:27:56 +0000 (UTC)",
        "X-detected-operating-system": "by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]",
        "X-Received-From": "209.132.183.28",
        "Subject": "[Qemu-devel] [PATCH v2 1/3] nbd-client: avoid read_reply_co entry\n\tif send failed",
        "X-BeenThere": "qemu-devel@nongnu.org",
        "X-Mailman-Version": "2.1.21",
        "Precedence": "list",
        "List-Id": "<qemu-devel.nongnu.org>",
        "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>",
        "List-Post": "<mailto:qemu-devel@nongnu.org>",
        "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>",
        "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>",
        "Cc": "Kevin Wolf <kwolf@redhat.com>,\n\tVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,\n\tqemu-block@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>,\n\tPaolo Bonzini <pbonzini@redhat.com>",
        "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org",
        "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"
    },
    "content": "The following segfault is encountered if the NBD server closes the UNIX\ndomain socket immediately after negotiation:\n\n  Program terminated with signal SIGSEGV, Segmentation fault.\n  #0  aio_co_schedule (ctx=0x0, co=0xd3c0ff2ef0) at util/async.c:441\n  441       QSLIST_INSERT_HEAD_ATOMIC(&ctx->scheduled_coroutines,\n  (gdb) bt\n  #0  0x000000d3c01a50f8 in aio_co_schedule (ctx=0x0, co=0xd3c0ff2ef0) at util/async.c:441\n  #1  0x000000d3c012fa90 in nbd_coroutine_end (bs=bs@entry=0xd3c0fec650, request=<optimized out>) at block/nbd-client.c:207\n  #2  0x000000d3c012fb58 in nbd_client_co_preadv (bs=0xd3c0fec650, offset=0, bytes=<optimized out>, qiov=0x7ffc10a91b20, flags=0) at block/nbd-client.c:237\n  #3  0x000000d3c0128e63 in bdrv_driver_preadv (bs=bs@entry=0xd3c0fec650, offset=offset@entry=0, bytes=bytes@entry=512, qiov=qiov@entry=0x7ffc10a91b20, flags=0) at block/io.c:836\n  #4  0x000000d3c012c3e0 in bdrv_aligned_preadv (child=child@entry=0xd3c0ff51d0, req=req@entry=0x7f31885d6e90, offset=offset@entry=0, bytes=bytes@entry=512, align=align@entry=1, qiov=qiov@entry=0x7ffc10a91b20, f\n+lags=0) at block/io.c:1086\n  #5  0x000000d3c012c6b8 in bdrv_co_preadv (child=0xd3c0ff51d0, offset=offset@entry=0, bytes=bytes@entry=512, qiov=qiov@entry=0x7ffc10a91b20, flags=flags@entry=0) at block/io.c:1182\n  #6  0x000000d3c011cc17 in blk_co_preadv (blk=0xd3c0ff4f80, offset=0, bytes=512, qiov=0x7ffc10a91b20, flags=0) at block/block-backend.c:1032\n  #7  0x000000d3c011ccec in blk_read_entry (opaque=0x7ffc10a91b40) at block/block-backend.c:1079\n  #8  0x000000d3c01bbb96 in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:79\n  #9  0x00007f3196cb8600 in __start_context () at /lib64/libc.so.6\n\nThe problem is that nbd_client_init() uses\nnbd_client_attach_aio_context() -> aio_co_schedule(new_context,\nclient->read_reply_co).  Execution of read_reply_co is deferred to a BH\nwhich doesn't run until later.\n\nIn the mean time blk_co_preadv() can be called and nbd_coroutine_end()\ncalls aio_wake() on read_reply_co.  At this point in time\nread_reply_co's ctx isn't set because it has never been entered yet.\n\nThis patch simplifies the nbd_co_send_request() ->\nnbd_co_receive_reply() -> nbd_coroutine_end() lifecycle to just\nnbd_co_send_request() -> nbd_co_receive_reply().  The request is \"ended\"\nif an error occurs at any point.  Callers no longer have to invoke\nnbd_coroutine_end().\n\nThis cleanup also eliminates the segfault because we don't call\naio_co_schedule() to wake up s->read_reply_co if sending the request\nfailed.  It is only necessary to wake up s->read_reply_co if a reply was\nreceived.\n\nNote this only happens with UNIX domain sockets on Linux.  It doesn't\nseem possible to reproduce this with TCP sockets.\n\nSuggested-by: Paolo Bonzini <pbonzini@redhat.com>\nSigned-off-by: Stefan Hajnoczi <stefanha@redhat.com>\n---\n block/nbd-client.c | 25 +++++++++----------------\n 1 file changed, 9 insertions(+), 16 deletions(-)",
    "diff": "diff --git a/block/nbd-client.c b/block/nbd-client.c\nindex 25bcaa2346..ea728fffc8 100644\n--- a/block/nbd-client.c\n+++ b/block/nbd-client.c\n@@ -144,12 +144,12 @@ static int nbd_co_send_request(BlockDriverState *bs,\n     request->handle = INDEX_TO_HANDLE(s, i);\n \n     if (s->quit) {\n-        qemu_co_mutex_unlock(&s->send_mutex);\n-        return -EIO;\n+        rc = -EIO;\n+        goto err;\n     }\n     if (!s->ioc) {\n-        qemu_co_mutex_unlock(&s->send_mutex);\n-        return -EPIPE;\n+        rc = -EPIPE;\n+        goto err;\n     }\n \n     if (qiov) {\n@@ -166,8 +166,13 @@ static int nbd_co_send_request(BlockDriverState *bs,\n     } else {\n         rc = nbd_send_request(s->ioc, request);\n     }\n+\n+err:\n     if (rc < 0) {\n         s->quit = true;\n+        s->requests[i].coroutine = NULL;\n+        s->in_flight--;\n+        qemu_co_queue_next(&s->free_sema);\n     }\n     qemu_co_mutex_unlock(&s->send_mutex);\n     return rc;\n@@ -201,13 +206,6 @@ static void nbd_co_receive_reply(NBDClientSession *s,\n         /* Tell the read handler to read another header.  */\n         s->reply.handle = 0;\n     }\n-}\n-\n-static void nbd_coroutine_end(BlockDriverState *bs,\n-                              NBDRequest *request)\n-{\n-    NBDClientSession *s = nbd_get_client_session(bs);\n-    int i = HANDLE_TO_INDEX(s, request->handle);\n \n     s->requests[i].coroutine = NULL;\n \n@@ -243,7 +241,6 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t offset,\n     } else {\n         nbd_co_receive_reply(client, &request, &reply, qiov);\n     }\n-    nbd_coroutine_end(bs, &request);\n     return -reply.error;\n }\n \n@@ -272,7 +269,6 @@ int nbd_client_co_pwritev(BlockDriverState *bs, uint64_t offset,\n     } else {\n         nbd_co_receive_reply(client, &request, &reply, NULL);\n     }\n-    nbd_coroutine_end(bs, &request);\n     return -reply.error;\n }\n \n@@ -306,7 +302,6 @@ int nbd_client_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset,\n     } else {\n         nbd_co_receive_reply(client, &request, &reply, NULL);\n     }\n-    nbd_coroutine_end(bs, &request);\n     return -reply.error;\n }\n \n@@ -330,7 +325,6 @@ int nbd_client_co_flush(BlockDriverState *bs)\n     } else {\n         nbd_co_receive_reply(client, &request, &reply, NULL);\n     }\n-    nbd_coroutine_end(bs, &request);\n     return -reply.error;\n }\n \n@@ -355,7 +349,6 @@ int nbd_client_co_pdiscard(BlockDriverState *bs, int64_t offset, int bytes)\n     } else {\n         nbd_co_receive_reply(client, &request, &reply, NULL);\n     }\n-    nbd_coroutine_end(bs, &request);\n     return -reply.error;\n \n }\n",
    "prefixes": [
        "v2",
        "1/3"
    ]
}