
hw/xen_disk: ioreq not finished on error

Message ID AANLkTi=DvXhuR7-3pU7XNpnqpcOz8CZQc_Gz_L=S+xkA@mail.gmail.com
State New

Commit Message

Feiran Zheng March 27, 2011, 10:25 a.m. UTC
Bug fix: routines 'ioreq_runio_qemu_sync' and 'ioreq_runio_qemu_aio'
don't call 'ioreq_unmap' or 'ioreq_finish' on errors, which leaves the
ioreq on the blkdev->inflight list and leaks it.

Signed-off-by: Feiran Zheng <famcool@gmail.com>
---
 hw/xen_disk.c |   22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

Comments

Stefano Stabellini March 28, 2011, 1:42 p.m. UTC | #1
On Sun, 27 Mar 2011, Feiran Zheng wrote:
> Bug fix: routines 'ioreq_runio_qemu_sync' and 'ioreq_runio_qemu_aio'
> won't call 'ioreq_unmap' or 'ioreq_finish' on errors, leaving ioreq in
> the blkdev->inflight list and a leak.
> 
> Signed-off-by: Feiran Zheng <famcool@gmail.com>
> ---
>  hw/xen_disk.c |   22 +++++++++++++++++-----
>  1 files changed, 17 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/xen_disk.c b/hw/xen_disk.c
> index 445bf03..7940fab 100644
> --- a/hw/xen_disk.c
> +++ b/hw/xen_disk.c
> @@ -309,8 +309,10 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
>      int i, rc, len = 0;
>      off_t pos;
> 
> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
> -	goto err;
> +    if (ioreq->req.nr_segments) {
> +	if (ioreq_map(ioreq) == -1)
> +	    goto err_no_map;
> +    }
>      if (ioreq->presync)
>  	bdrv_flush(blkdev->bs);
> 

this change is just to make the code clearer and easier to read, right?


> @@ -364,6 +366,9 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
>      return 0;
> 
>  err:
> +    ioreq_unmap(ioreq);
> +err_no_map:
> +    ioreq_finish(ioreq);
>      ioreq->status = BLKIF_RSP_ERROR;
>      return -1;
>  }
> @@ -392,8 +397,10 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
>  {
>      struct XenBlkDev *blkdev = ioreq->blkdev;
> 
> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
> -	goto err;
> +    if (ioreq->req.nr_segments) {
> +	if (ioreq_map(ioreq) == -1)
> +	    goto err_no_map;
> +    }
> 
>      ioreq->aio_inflight++;
>      if (ioreq->presync)
> @@ -425,9 +432,14 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
>      qemu_aio_complete(ioreq, 0);
> 
>      return 0;
> +
> +err_no_map:
> +    ioreq_finish(ioreq);
> +    ioreq->status = BLKIF_RSP_ERROR;
> +    return -1;
> 

why aren't you calling ioreq_unmap before ioreq_finish, like in the
previous case?
Feiran Zheng March 28, 2011, 2:02 p.m. UTC | #2
On Mon, Mar 28, 2011 at 9:42 PM, Stefano Stabellini
<stefano.stabellini@eu.citrix.com> wrote:
> On Sun, 27 Mar 2011, Feiran Zheng wrote:
>> Bug fix: routines 'ioreq_runio_qemu_sync' and 'ioreq_runio_qemu_aio'
>> won't call 'ioreq_unmap' or 'ioreq_finish' on errors, leaving ioreq in
>> the blkdev->inflight list and a leak.
>>
>> Signed-off-by: Feiran Zheng <famcool@gmail.com>
>> ---
>>  hw/xen_disk.c |   22 +++++++++++++++++-----
>>  1 files changed, 17 insertions(+), 5 deletions(-)
>>
>> diff --git a/hw/xen_disk.c b/hw/xen_disk.c
>> index 445bf03..7940fab 100644
>> --- a/hw/xen_disk.c
>> +++ b/hw/xen_disk.c
>> @@ -309,8 +309,10 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
>>      int i, rc, len = 0;
>>      off_t pos;
>>
>> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
>> -     goto err;
>> +    if (ioreq->req.nr_segments) {
>> +     if (ioreq_map(ioreq) == -1)
>> +         goto err_no_map;
>> +    }
>>      if (ioreq->presync)
>>       bdrv_flush(blkdev->bs);
>>
>
> this change is just to make the code clearer and easier to read, right?

I think so.

>
>
>> @@ -364,6 +366,9 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
>>      return 0;
>>
>>  err:
>> +    ioreq_unmap(ioreq);
>> +err_no_map:
>> +    ioreq_finish(ioreq);
>>      ioreq->status = BLKIF_RSP_ERROR;
>>      return -1;
>>  }
>> @@ -392,8 +397,10 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
>>  {
>>      struct XenBlkDev *blkdev = ioreq->blkdev;
>>
>> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
>> -     goto err;
>> +    if (ioreq->req.nr_segments) {
>> +     if (ioreq_map(ioreq) == -1)
>> +         goto err_no_map;
>> +    }
>>
>>      ioreq->aio_inflight++;
>>      if (ioreq->presync)
>> @@ -425,9 +432,14 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
>>      qemu_aio_complete(ioreq, 0);
>>
>>      return 0;
>> +
>> +err_no_map:
>> +    ioreq_finish(ioreq);
>> +    ioreq->status = BLKIF_RSP_ERROR;
>> +    return -1;
>>
>
> why aren't you calling ioreq_unmap before ioreq_finish, like in the
> previous case?
>
>
>
It does not seem to be required, but if qemu_aio_complete is called, the
error info can be printed, which I thought might be helpful.
Stefano Stabellini March 28, 2011, 6:16 p.m. UTC | #3
On Mon, 28 Mar 2011, Feiran Zheng wrote:
> On Mon, Mar 28, 2011 at 9:42 PM, Stefano Stabellini
> <stefano.stabellini@eu.citrix.com> wrote:
> > On Sun, 27 Mar 2011, Feiran Zheng wrote:
> >> Bug fix: routines 'ioreq_runio_qemu_sync' and 'ioreq_runio_qemu_aio'
> >> won't call 'ioreq_unmap' or 'ioreq_finish' on errors, leaving ioreq in
> >> the blkdev->inflight list and a leak.
> >>
> >> Signed-off-by: Feiran Zheng <famcool@gmail.com>
> >> ---
> >>  hw/xen_disk.c |   22 +++++++++++++++++-----
> >>  1 files changed, 17 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/hw/xen_disk.c b/hw/xen_disk.c
> >> index 445bf03..7940fab 100644
> >> --- a/hw/xen_disk.c
> >> +++ b/hw/xen_disk.c
> >> @@ -309,8 +309,10 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
> >>      int i, rc, len = 0;
> >>      off_t pos;
> >>
> >> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
> >> -     goto err;
> >> +    if (ioreq->req.nr_segments) {
> >> +     if (ioreq_map(ioreq) == -1)
> >> +         goto err_no_map;
> >> +    }
> >>      if (ioreq->presync)
> >>       bdrv_flush(blkdev->bs);
> >>
> >
> > this change is just to make the code clearer and easier to read, right?
> 
> I think so.
> 
> >
> >
> >> @@ -364,6 +366,9 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
> >>      return 0;
> >>
> >>  err:
> >> +    ioreq_unmap(ioreq);
> >> +err_no_map:
> >> +    ioreq_finish(ioreq);
> >>      ioreq->status = BLKIF_RSP_ERROR;
> >>      return -1;
> >>  }
> >> @@ -392,8 +397,10 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
> >>  {
> >>      struct XenBlkDev *blkdev = ioreq->blkdev;
> >>
> >> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
> >> -     goto err;
> >> +    if (ioreq->req.nr_segments) {
> >> +     if (ioreq_map(ioreq) == -1)
> >> +         goto err_no_map;
> >> +    }
> >>
> >>      ioreq->aio_inflight++;
> >>      if (ioreq->presync)
> >> @@ -425,9 +432,14 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
> >>      qemu_aio_complete(ioreq, 0);
> >>
> >>      return 0;
> >> +
> >> +err_no_map:
> >> +    ioreq_finish(ioreq);
> >> +    ioreq->status = BLKIF_RSP_ERROR;
> >> +    return -1;
> >>
> >
> > why aren't you calling ioreq_unmap before ioreq_finish, like in the
> > previous case?
> >
> >
> >
> It seems not a must but if call qemu_aio_complete, the error info can
> be printed, I thought it may be helpful.

I am not sure I understand what you mean here because in case of error
we don't call qemu_aio_complete at all in the err_no_map code path.
Feiran Zheng March 29, 2011, 12:34 a.m. UTC | #4
Sorry for the confusion, I'll clean it up.

On Tue, Mar 29, 2011 at 2:16 AM, Stefano Stabellini
<stefano.stabellini@eu.citrix.com> wrote:
> On Mon, 28 Mar 2011, Feiran Zheng wrote:
>> On Mon, Mar 28, 2011 at 9:42 PM, Stefano Stabellini
>> <stefano.stabellini@eu.citrix.com> wrote:
>> > On Sun, 27 Mar 2011, Feiran Zheng wrote:
>> >> Bug fix: routines 'ioreq_runio_qemu_sync' and 'ioreq_runio_qemu_aio'
>> >> won't call 'ioreq_unmap' or 'ioreq_finish' on errors, leaving ioreq in
>> >> the blkdev->inflight list and a leak.
>> >>
>> >> Signed-off-by: Feiran Zheng <famcool@gmail.com>
>> >> ---
>> >>  hw/xen_disk.c |   22 +++++++++++++++++-----
>> >>  1 files changed, 17 insertions(+), 5 deletions(-)
>> >>
>> >> diff --git a/hw/xen_disk.c b/hw/xen_disk.c
>> >> index 445bf03..7940fab 100644
>> >> --- a/hw/xen_disk.c
>> >> +++ b/hw/xen_disk.c
>> >> @@ -309,8 +309,10 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
>> >>      int i, rc, len = 0;
>> >>      off_t pos;
>> >>
>> >> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
>> >> -     goto err;
>> >> +    if (ioreq->req.nr_segments) {
>> >> +     if (ioreq_map(ioreq) == -1)
>> >> +         goto err_no_map;
>> >> +    }
>> >>      if (ioreq->presync)
>> >>       bdrv_flush(blkdev->bs);
>> >>
>> >
>> > this change is just to make the code clearer and easier to read, right?
>>
>> I think so.
>>
>> >
>> >
>> >> @@ -364,6 +366,9 @@ static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
>> >>      return 0;
>> >>
>> >>  err:
>> >> +    ioreq_unmap(ioreq);
>> >> +err_no_map:
>> >> +    ioreq_finish(ioreq);
>> >>      ioreq->status = BLKIF_RSP_ERROR;
>> >>      return -1;
>> >>  }
>> >> @@ -392,8 +397,10 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
>> >>  {
>> >>      struct XenBlkDev *blkdev = ioreq->blkdev;
>> >>
>> >> -    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
>> >> -     goto err;
>> >> +    if (ioreq->req.nr_segments) {
>> >> +     if (ioreq_map(ioreq) == -1)
>> >> +         goto err_no_map;
>> >> +    }
>> >>
>> >>      ioreq->aio_inflight++;
>> >>      if (ioreq->presync)
>> >> @@ -425,9 +432,14 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
>> >>      qemu_aio_complete(ioreq, 0);
>> >>
>> >>      return 0;
>> >> +
>> >> +err_no_map:
>> >> +    ioreq_finish(ioreq);
>> >> +    ioreq->status = BLKIF_RSP_ERROR;
>> >> +    return -1;
>> >>
>> >
>> > why aren't you calling ioreq_unmap before ioreq_finish, like in the
>> > previous case?
>> >
>> >
>> >
>> It seems not a must but if call qemu_aio_complete, the error info can
>> be printed, I thought it may be helpful.
>
> I am not sure I understand what you mean here because in case of error
> we don't call qemu_aio_complete at all in the err_no_map code path.

Patch

diff --git a/hw/xen_disk.c b/hw/xen_disk.c
index 445bf03..7940fab 100644
--- a/hw/xen_disk.c
+++ b/hw/xen_disk.c
@@ -309,8 +309,10 @@  static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
     int i, rc, len = 0;
     off_t pos;

-    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
-	goto err;
+    if (ioreq->req.nr_segments) {
+	if (ioreq_map(ioreq) == -1)
+	    goto err_no_map;
+    }
     if (ioreq->presync)
 	bdrv_flush(blkdev->bs);

@@ -364,6 +366,9 @@  static int ioreq_runio_qemu_sync(struct ioreq *ioreq)
     return 0;

 err:
+    ioreq_unmap(ioreq);
+err_no_map:
+    ioreq_finish(ioreq);
     ioreq->status = BLKIF_RSP_ERROR;
     return -1;
 }
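Review bot: The `err` label now calls ioreq_unmap() unconditionally, but the first hunk only calls ioreq_map() when `ioreq->req.nr_segments` is non-zero, so a request with no segments that fails later would reach the unmap without ever having been mapped. ioreq_unmap() is not shown here, so it may already treat an unmapped request as a no-op; if it does, a comment at the label such as `/* ioreq_unmap() is a no-op when nothing was mapped */` would record that, and if it does not, the call needs a guard: `if (ioreq->req.nr_segments) ioreq_unmap(ioreq);`. The segment count comes from the guest's request, so this path should be safe for every value a guest can send. The body of ioreq_runio_qemu_sync between the two hunks is outside the visible lines, so which failures jump to `err` is inferred from the label name only.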
@@ -392,8 +397,10 @@  static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
 {
     struct XenBlkDev *blkdev = ioreq->blkdev;

-    if (ioreq->req.nr_segments && ioreq_map(ioreq) == -1)
-	goto err;
+    if (ioreq->req.nr_segments) {
+	if (ioreq_map(ioreq) == -1)
+	    goto err_no_map;
+    }

     ioreq->aio_inflight++;
     if (ioreq->presync)
@@ -425,9 +432,14 @@  static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
     qemu_aio_complete(ioreq, 0);

     return 0;
+
+err_no_map:
+    ioreq_finish(ioreq);
+    ioreq->status = BLKIF_RSP_ERROR;
+    return -1;

 err:
-    ioreq->status = BLKIF_RSP_ERROR;
+    qemu_aio_complete(ioreq, -1);
     return -1;
 }
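Review bot: At `err_no_map`, ioreq_finish() runs before `ioreq->status = BLKIF_RSP_ERROR;`, so the request leaves the inflight list still carrying whatever status it had before. Setting the status first keeps the two in step (`ioreq->status = BLKIF_RSP_ERROR;` then `ioreq_finish(ioreq);`), and the same ordering appears at `err_no_map` in ioreq_runio_qemu_sync. Separately, both labels return -1 but leave the request in different states: after `err_no_map` it is already finished, while after `err` completion is delegated to qemu_aio_complete(ioreq, -1), whose body is not in this hunk and which may not finish the request while earlier submissions are still outstanding. A one-line comment above each label saying which state the caller gets would make it easier to check that the caller never finishes or frees the request a second time. The submission loop of ioreq_runio_qemu_aio lies outside the hunk.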