[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] QCOW2 bugs releated to qcow2_aio_cancel()
From: |
Chunqiang Tang |
Subject: |
[Qemu-devel] QCOW2 bugs releated to qcow2_aio_cancel() |
Date: |
Thu, 3 Feb 2011 12:21:35 -0500 |
Hi Kevin,
Fast Virtual Disk (FVD) has an automated testing tool (see
http://wiki.qemu.org/Features/FVD/Engineering). For a long time, I knew
that QCOW2 could not pass the automated tests. Today I finally sit down to
look into those bugs. I already submitted multiple patches for different
bugs, but there is one case that I am not certain how to handle. Instead
of creating a potentially broken patch, I though you might be able to
handle it better than me. Bugs showed up when the testing tool injected
aio cancel.
First, the cancelled request is not taken off the list of running
requests, i.e., s->cluster_allocs and next_in_flight. As a result, when
the acb is freed and reused, it formed circles in s->cluster_allocs, and
the qcow2_alloc_cluster_offset() code below went into dead loop. I tried
to add run_dependent_requests() into qcow2_aio_cancel(), but that does not
solve all the problem. Dead loop still occurs.
The second bug is related to QCowAIOCB.bh. There are several issues. 1)
When a request is cancelled, the bh is not cancelled. 2) qcow2_aio_setup()
does not initialize bh=NULL and relies on qcow2_aio_read_bh() to set
bh=NULL. When the acb is reused for another request, bh!=NULL. As a
result, qcow2_schedule_bh() fails on checking "if (acb->bh) return -EIO;"
There may be other bugs related to qcow2_aio_cancel(), as the testing tool
could not run long enough before it hits a bug. As a result, the coverage
is low.
static void qcow2_aio_cancel(BlockDriverAIOCB *blockacb)
{
QCowAIOCB *acb = container_of(blockacb, QCowAIOCB, common);
if (acb->hd_aiocb)
bdrv_aio_cancel(acb->hd_aiocb);
run_dependent_requests(&acb->l2meta); /******* added ******/
qemu_aio_release(acb);
}
int qcow2_alloc_cluster_offset()
{
...
/******* run into dead loop here when a cancelled was not taken off
the list. */
QLIST_FOREACH(old_alloc, &s->cluster_allocs, next_in_flight) {
...
}
}
Regards,
ChunQiang (CQ) Tang, Ph.D.
Tel: +1-914-784-7412 Homepage:
http://www.research.ibm.com/people/c/ctang
- [Qemu-devel] QCOW2 bugs releated to qcow2_aio_cancel(),
Chunqiang Tang <=