qemu/block
Fiona Ebner f6d38c9f6d block-backend: fix edge case in bdrv_next() where BDS associated to BB changes
The old_bs variable in bdrv_next() is currently determined by looking
at the old block backend. However, if the block graph changes before
the next bdrv_next() call, it might be that the associated BDS is not
the same that was referenced previously. In that case, the wrong BDS
is unreferenced, leading to an assertion failure later:

> bdrv_unref: Assertion `bs->refcnt > 0' failed.

In particular, this can happen in the context of bdrv_flush_all(),
when polling for bdrv_co_flush() in the generated co-wrapper leads to
a graph change (for example with a stream block job [0]).

A racy reproducer:

> #!/bin/bash
> rm -f /tmp/backing.qcow2
> rm -f /tmp/top.qcow2
> ./qemu-img create /tmp/backing.qcow2 -f qcow2 64M
> ./qemu-io -c "write -P42 0x0 0x1" /tmp/backing.qcow2
> ./qemu-img create /tmp/top.qcow2 -f qcow2 64M -b /tmp/backing.qcow2 -F qcow2
> ./qemu-system-x86_64 --qmp stdio \
> --blockdev qcow2,node-name=node0,file.driver=file,file.filename=/tmp/top.qcow2 \
> <<EOF
> {"execute": "qmp_capabilities"}
> {"execute": "block-stream", "arguments": { "job-id": "stream0", "device": "node0" } }
> {"execute": "quit"}
> EOF

[0]:

> #0  bdrv_replace_child_tran (child=..., new_bs=..., tran=...)
> #1  bdrv_replace_node_noperm (from=..., to=..., auto_skip=..., tran=..., errp=...)
> #2  bdrv_replace_node_common (from=..., to=..., auto_skip=..., detach_subchain=..., errp=...)
> #3  bdrv_drop_filter (bs=..., errp=...)
> #4  bdrv_cor_filter_drop (cor_filter_bs=...)
> #5  stream_prepare (job=...)
> #6  job_prepare_locked (job=...)
> #7  job_txn_apply_locked (fn=..., job=...)
> #8  job_do_finalize_locked (job=...)
> #9  job_exit (opaque=...)
> #10 aio_bh_poll (ctx=...)
> #11 aio_poll (ctx=..., blocking=...)
> #12 bdrv_poll_co (s=...)
> #13 bdrv_flush (bs=...)
> #14 bdrv_flush_all ()
> #15 do_vm_stop (state=..., send_stop=...)
> #16 vm_shutdown ()

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20240322095009.346989-3-f.ebner@proxmox.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-03-26 14:21:26 +01:00
..
export block: remove outdated AioContext locking comments 2023-12-21 22:49:27 +01:00
monitor stream: Allow users to request only format driver names in backing file format 2024-01-26 11:16:58 +01:00
accounting.c block: add missed block_acct_setup with new block device init procedure 2022-09-30 18:42:34 +02:00
aio_task.c block/aio_task: assert max_busy_tasks is greater than 0 2021-10-05 18:56:41 +02:00
amend.c block: Mark BlockDriver callbacks for amend job GRAPH_RDLOCK 2023-05-10 14:16:54 +02:00
backup.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
blkdebug.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
blkio.c blkio: Respect memory-alignment for bounce buffer allocations 2024-02-07 15:26:04 +01:00
blklogwrites.c block/blklogwrites: Protect mutable driver state with a mutex. 2024-01-26 11:16:58 +01:00
blkreplay.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
blkverify.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
block-backend.c block-backend: fix edge case in bdrv_next() where BDS associated to BB changes 2024-03-26 14:21:26 +01:00
block-copy.c block: Mark bdrv_chain_contains() and callers GRAPH_RDLOCK 2023-11-07 19:14:19 +01:00
block-gen.h block-coroutine-wrapper.py: support also basic return types 2022-12-15 16:07:43 +01:00
block-ram-registrar.c block: add BlockRAMRegistrar 2022-10-26 14:56:42 -04:00
bochs.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
cloop.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
commit.c commit: Allow users to request only format driver names in backing file format 2024-01-26 11:16:58 +01:00
copy-before-write.c block/copy-before-write: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:33 +01:00
copy-before-write.h block/copy-before-write.h: global state API + assertions 2022-03-04 18:18:25 +01:00
copy-on-read.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
copy-on-read.h block: Mark bdrv_(un)freeze_backing_chain() and callers GRAPH_RDLOCK 2023-11-07 19:14:19 +01:00
coroutines.h nbd: Mark nbd_co_do_establish_connection() and callers GRAPH_RDLOCK 2023-05-10 14:16:53 +02:00
create.c block: Call .bdrv_co_create(_opts) unlocked 2023-05-19 19:12:12 +02:00
crypto.c block: Support detached LUKS header creation using qemu-img 2024-02-09 12:50:37 +00:00
crypto.h block: Support detached LUKS header creation using qemu-img 2024-02-09 12:50:37 +00:00
curl.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
dirty-bitmap.c block: Mark bdrv_*_dirty_bitmap() and callers GRAPH_RDLOCK 2023-02-23 19:49:32 +01:00
dmg-bz2.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
dmg-lzfse.c block/dmg: Ignore C99 prototype declaration mismatch from <lzfse.h> 2023-03-30 15:03:36 +02:00
dmg.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
dmg.h block/dmg: Declare a type definition for DMG uncompress function 2023-04-24 13:53:44 -04:00
file-posix.c block/file-posix: set up Linux AIO and io_uring in the current thread 2023-12-21 22:49:27 +01:00
file-win32.c thread-pool: avoid passing the pool parameter every time 2023-04-25 13:17:28 +02:00
filter-compress.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
gluster.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
graph-lock.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
io_uring.c block/io_uring: improve error message when init fails 2024-01-30 16:13:28 -05:00
io.c block/io: accept NULL qiov in bdrv_pad_request 2024-03-26 14:21:26 +01:00
iscsi-opts.c modules: add block module annotations 2021-07-09 18:20:27 +02:00
iscsi.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
linux-aio.c virtio: use defer_call() in virtio_irqfd_notify() 2023-10-31 15:42:14 +01:00
meson.build configure, meson: rename targetos to host_os 2023-12-31 09:11:29 +01:00
mirror.c mirror: Don't call job_pause_point() under graph lock 2024-03-18 12:03:04 +01:00
nbd.c block/nbd: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:33 +01:00
nfs.c block: Mark bdrv_refresh_filename() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
null.c block: Convert bdrv_get_allocated_file_size() to co_wrapper 2023-02-01 16:52:32 +01:00
nvme.c block/nvme: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:33 +01:00
parallels-ext.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
parallels.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
parallels.h block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
preallocate.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
progress_meter.c coroutine: Clean up superfluous inclusion of qemu/lockable.h 2023-01-19 10:18:28 +01:00
qapi-sysemu.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
qapi.c qemu-img: Fix Column Width and Improve Formatting in snapshot list 2024-03-18 13:30:34 +01:00
qcow2-bitmap.c block/qcow2-bitmap: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:33 +01:00
qcow2-cache.c qcow2: Mark qcow2_signal_corruption() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
qcow2-cluster.c qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qcow2-refcount.c qcow2: Mark qcow2_signal_corruption() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
qcow2-snapshot.c qcow2: mark various functions as coroutine_fn and GRAPH_RDLOCK 2023-04-25 13:17:28 +02:00
qcow2-threads.c thread-pool: avoid passing the pool parameter every time 2023-04-25 13:17:28 +02:00
qcow2.c block/qcow2: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:33 +01:00
qcow2.h qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qcow.c crypto: Modify the qcrypto_block_create to support creation flags 2024-02-09 12:50:37 +00:00
qed-check.c qed: mark more functions as coroutine_fns and GRAPH_RDLOCK 2023-06-28 09:46:20 +02:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qed-table.c block: use bdrv_co_debug_event in coroutine context 2023-06-28 09:46:34 +02:00
qed.c block/qed: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:33 +01:00
qed.h block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
quorum.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
raw-format.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
rbd.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
replication.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
reqlist.c block/reqlist: add reqlist_wait_all() 2022-03-07 09:33:30 +01:00
snapshot-access.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
snapshot.c block/snapshot: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:34 +01:00
ssh.c aio: remove aio_disable_external() API 2023-05-30 17:37:26 +02:00
stream.c stream: Allow users to request only format driver names in backing file format 2024-01-26 11:16:58 +01:00
throttle-groups.c block: mark mixed functions that can suspend 2023-09-26 18:09:08 +02:00
throttle.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
trace-events nbd/client: Accept 64-bit block status chunks 2023-10-05 11:02:08 -05:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vdi.c block/vdi: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:34 +01:00
vhdx-endian.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
vhdx-log.c vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vhdx.c vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vhdx.h vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vmdk.c block/vmdk: Fix missing ERRP_GUARD() for error_prepend() 2024-03-12 11:45:34 +01:00
vpc.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
vvfat.c cpr: relax blockdev migration blockers 2023-11-01 16:13:59 +01:00
win32-aio.c aio: remove aio_disable_external() API 2023-05-30 17:37:26 +02:00
write-threshold.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00