| Message ID | 20171128154350.21504-5-kwolf@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | Fix qemu-iotests failures | expand |
On Tue, Nov 28, 2017 at 04:43:50PM +0100, Kevin Wolf wrote: > The .drained_begin/end callbacks can (directly or indirectly via > aio_poll()) cause block nodes to be removed or the current BdrvChild to > point to a different child node. > > Use QLIST_FOREACH_SAFE() to make sure we don't access invalid > BlockDriverStates or accidentally continue iterating the parents of the > new child node instead of the node we actually came from. > > Signed-off-by: Kevin Wolf <kwolf@redhat.com> > --- > block/io.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/block/io.c b/block/io.c > index 4fdf93a014..6773926fc1 100644 > --- a/block/io.c > +++ b/block/io.c > @@ -42,9 +42,9 @@ static int coroutine_fn bdrv_co_do_pwrite_zeroes(BlockDriverState *bs, > > void bdrv_parent_drained_begin(BlockDriverState *bs) > { > - BdrvChild *c; > + BdrvChild *c, *next; > > - QLIST_FOREACH(c, &bs->parents, next_parent) { > + QLIST_FOREACH_SAFE(c, &bs->parents, next_parent, next) { > if (c->role->drained_begin) { > c->role->drained_begin(c); > } > @@ -53,9 +53,9 @@ void bdrv_parent_drained_begin(BlockDriverState *bs) > > void bdrv_parent_drained_end(BlockDriverState *bs) > { > - BdrvChild *c; > + BdrvChild *c, *next; > > - QLIST_FOREACH(c, &bs->parents, next_parent) { > + QLIST_FOREACH_SAFE(c, &bs->parents, next_parent, next) { > if (c->role->drained_end) { > c->role->drained_end(c); > } > -- > 2.13.6 > Reviewed-by: Jeff Cody <jcody@redhat.com>
diff --git a/block/io.c b/block/io.c index 4fdf93a014..6773926fc1 100644 --- a/block/io.c +++ b/block/io.c @@ -42,9 +42,9 @@ static int coroutine_fn bdrv_co_do_pwrite_zeroes(BlockDriverState *bs, void bdrv_parent_drained_begin(BlockDriverState *bs) { - BdrvChild *c; + BdrvChild *c, *next; - QLIST_FOREACH(c, &bs->parents, next_parent) { + QLIST_FOREACH_SAFE(c, &bs->parents, next_parent, next) { if (c->role->drained_begin) { c->role->drained_begin(c); } @@ -53,9 +53,9 @@ void bdrv_parent_drained_begin(BlockDriverState *bs) void bdrv_parent_drained_end(BlockDriverState *bs) { - BdrvChild *c; + BdrvChild *c, *next; - QLIST_FOREACH(c, &bs->parents, next_parent) { + QLIST_FOREACH_SAFE(c, &bs->parents, next_parent, next) { if (c->role->drained_end) { c->role->drained_end(c); }
The .drained_begin/end callbacks can (directly or indirectly via aio_poll()) cause block nodes to be removed or the current BdrvChild to point to a different child node. Use QLIST_FOREACH_SAFE() to make sure we don't access invalid BlockDriverStates or accidentally continue iterating the parents of the new child node instead of the node we actually came from. Signed-off-by: Kevin Wolf <kwolf@redhat.com> --- block/io.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)