| Message ID | 20170918135935.255591-3-vsementsov@virtuozzo.com |
|---|---|
| State | New |
| Headers | show |
| Series | nbd client refactoring and fixing | expand |
On 09/18/2017 08:59 AM, Vladimir Sementsov-Ogievskiy wrote: > Check reply-handle == request-handle in the same place, where s/,// > recv coroutine number is calculated from reply->handle and it's > correctness checked - in nbd_read_reply_entry. > > Also finish nbd_read_reply_entry in case of reply-handle != > request-handle in the same way as in case of incorrect reply-handle. > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> > --- > block/nbd-client.h | 1 + > block/nbd-client.c | 8 ++++++-- > 2 files changed, 7 insertions(+), 2 deletions(-) > Reviewed-by: Eric Blake <eblake@redhat.com>
On 09/18/2017 08:59 AM, Vladimir Sementsov-Ogievskiy wrote: > Check reply-handle == request-handle in the same place, where > recv coroutine number is calculated from reply->handle and it's > correctness checked - in nbd_read_reply_entry. > > Also finish nbd_read_reply_entry in case of reply-handle != > request-handle in the same way as in case of incorrect reply-handle. > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> > --- > block/nbd-client.h | 1 + > block/nbd-client.c | 8 ++++++-- > 2 files changed, 7 insertions(+), 2 deletions(-) On second thought: > +++ b/block/nbd-client.c > @@ -92,7 +92,9 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque) > i = HANDLE_TO_INDEX(s, s->reply.handle); > if (i >= MAX_NBD_REQUESTS || > !s->requests[i].coroutine || > - !s->requests[i].receiving) { > + !s->requests[i].receiving || > + s->reply.handle != s->requests[i].request->handle) How can this condition ever be false? s->reply.handle only ever contains two values: 0 when it is being reused for the next iteration of the loop, or the (munged) address of the request pointer. But we are careful that we never write s->reply.handle = 0 until after s->requests[i].receiving is false. So we will never see s->reply.handle equal to 0 here. (It may have been possible prior to the introduction of reply.receiving, in commit 40f4a218, but I'm not seeing it now) If I'm right, then this patch can be simplified - we don't need to track s.requests[i].request, and can merely: > @@ -189,9 +192,10 @@ static int nbd_co_receive_reply(NBDClientSession *s, > s->requests[i].receiving = true; > qemu_coroutine_yield(); > s->requests[i].receiving = false; > - if (s->reply.handle != request->handle || !s->ioc || s->quit) { shorten this conditional to remove the now-dead condition. > + if (!s->ioc || s->quit) { > ret = -EIO; > } else { > + assert(s->reply.handle == request->handle); > ret = -s->reply.error; > if (qiov && s->reply.error == 0) { > assert(request->len == iov_size(qiov->iov, qiov->niov)); > [Oh, and I just noticed HANDLE_TO_INDEX() and INDEX_TO_HANDLE() are improperly parenthesized, although to no ill effect with current clients]
diff --git a/block/nbd-client.h b/block/nbd-client.h index b435754b82..b1900e6a6d 100644 --- a/block/nbd-client.h +++ b/block/nbd-client.h @@ -20,6 +20,7 @@ typedef struct { Coroutine *coroutine; bool receiving; /* waiting for read_reply_co? */ + NBDRequest *request; } NBDClientRequest; typedef struct NBDClientSession { diff --git a/block/nbd-client.c b/block/nbd-client.c index acd8e5d007..5f241ecc22 100644 --- a/block/nbd-client.c +++ b/block/nbd-client.c @@ -92,7 +92,9 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque) i = HANDLE_TO_INDEX(s, s->reply.handle); if (i >= MAX_NBD_REQUESTS || !s->requests[i].coroutine || - !s->requests[i].receiving) { + !s->requests[i].receiving || + s->reply.handle != s->requests[i].request->handle) + { break; } @@ -142,6 +144,7 @@ static int nbd_co_send_request(BlockDriverState *bs, s->requests[i].receiving = false; request->handle = INDEX_TO_HANDLE(s, i); + s->requests[i].request = request; if (s->quit) { rc = -EIO; @@ -189,9 +192,10 @@ static int nbd_co_receive_reply(NBDClientSession *s, s->requests[i].receiving = true; qemu_coroutine_yield(); s->requests[i].receiving = false; - if (s->reply.handle != request->handle || !s->ioc || s->quit) { + if (!s->ioc || s->quit) { ret = -EIO; } else { + assert(s->reply.handle == request->handle); ret = -s->reply.error; if (qiov && s->reply.error == 0) { assert(request->len == iov_size(qiov->iov, qiov->niov));
Check reply-handle == request-handle in the same place, where recv coroutine number is calculated from reply->handle and it's correctness checked - in nbd_read_reply_entry. Also finish nbd_read_reply_entry in case of reply-handle != request-handle in the same way as in case of incorrect reply-handle. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> --- block/nbd-client.h | 1 + block/nbd-client.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-)