[PULL,10/11] block: Fix bdrv_co_flush early return

Message ID 20170411122632.14050-11-famz@redhat.com
State New

Commit Message

Fam Zheng April 11, 2017, 12:26 p.m. UTC
bdrv_inc_in_flight and bdrv_dec_in_flight are mandatory for
BDRV_POLL_WHILE to work, even for the shortcut case where flush is
unnecessary. Move the if block to below bdrv_dec_in_flight, and BTW fix
the variable declaration position.

Signed-off-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
---
 block/io.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

Comments

Peter Maydell April 25, 2017, 3 p.m. UTC | #1
On 11 April 2017 at 13:26, Fam Zheng <famz@redhat.com> wrote:
> bdrv_inc_in_flight and bdrv_dec_in_flight are mandatory for
> BDRV_POLL_WHILE to work, even for the shortcut case where flush is
> unnecessary. Move the if block to below bdrv_dec_in_flight, and BTW fix
> the variable declaration position.
>
> Signed-off-by: Fam Zheng <famz@redhat.com>
> Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  block/io.c | 16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/block/io.c b/block/io.c
> index 00e45ca..bae6947 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -2278,16 +2278,17 @@ static void coroutine_fn bdrv_flush_co_entry(void *opaque)
>
>  int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
>  {
> -    int ret;
> -
> -    if (!bs || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs) ||
> -        bdrv_is_sg(bs)) {
> -        return 0;
> -    }
> +    int current_gen;
> +    int ret = 0;
>
>      bdrv_inc_in_flight(bs);
>
> -    int current_gen = bs->write_gen;
> +    if (!bs || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs) ||
> +        bdrv_is_sg(bs)) {
> +        goto early_exit;
> +    }

Coverity points out that there's a problem here -- we call
bdrv_inc_in_flight(bs), which assumes bs is not NULL, before
we do the test for whether bs is NULL.

Presumably the NULL check needs to be pulled up earlier in
the function?

thanks
-- PMM

Fam Zheng April 26, 2017, 12:19 a.m. UTC | #2
On Tue, 04/25 16:00, Peter Maydell wrote:
> 
> Coverity points out that there's a problem here -- we call
> bdrv_inc_in_flight(bs), which assumes bs is not NULL, before
> we do the test for whether bs is NULL.
> 
> Presumably the NULL check needs to be pulled up earlier in
> the function?
> 

Yes, will take care of this one.

Fam

Patch

diff --git a/block/io.c b/block/io.c
index 00e45ca..bae6947 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2278,16 +2278,17 @@  static void coroutine_fn bdrv_flush_co_entry(void *opaque)
 
 int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
 {
-    int ret;
-
-    if (!bs || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs) ||
-        bdrv_is_sg(bs)) {
-        return 0;
-    }
+    int current_gen;
+    int ret = 0;
 
     bdrv_inc_in_flight(bs);
 
-    int current_gen = bs->write_gen;
+    if (!bs || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs) ||
+        bdrv_is_sg(bs)) {
+        goto early_exit;
+    }
+
+    current_gen = bs->write_gen;
 
     /* Wait until any previous flushes are completed */
     while (bs->active_flush_req) {
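
Review bot: bdrv_inc_in_flight(bs) now runs before the `!bs` test in the relocated if block, so a NULL bs is passed to bdrv_inc_in_flight() before anything has checked it, whereas the removed lines returned 0 without touching bs. Keep a plain `if (!bs) { return 0; }` ahead of bdrv_inc_in_flight(bs), and leave only the bdrv_is_inserted(), bdrv_is_read_only() and bdrv_is_sg() tests in the block that jumps to early_exit.
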
@@ -2370,6 +2371,7 @@  out:
     /* Return value is ignored - it's ok if wait queue is empty */
     qemu_co_queue_next(&bs->flush_queue);
 
+early_exit:
     bdrv_dec_in_flight(bs);
     return ret;
 }
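
Review bot: the early_exit label falls straight into bdrv_dec_in_flight(bs), and the `goto early_exit` in the first hunk is taken when `!bs` is true, so this path hands a NULL bs to bdrv_dec_in_flight() as well. Once the NULL case returns before bdrv_inc_in_flight(bs), the label can stay where it is; a one-line comment on it explaining why the shortcut path may skip the qemu_co_queue_next(&bs->flush_queue) call under `out:` would help the next reader.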