[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Suspicious code in qcow2.
From: |
Kevin Wolf |
Subject: |
Re: [Qemu-devel] Suspicious code in qcow2. |
Date: |
Thu, 08 Sep 2011 10:07:38 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110816 Thunderbird/6.0 |
Am 07.09.2011 18:42, schrieb Frediano Ziglio:
> Actually it does not cause problems but this code order seems a bit
> wrong to me (block/qcow2-cluster.c)
>
>
> QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
>
> /* allocate a new cluster */
>
> cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
> if (cluster_offset < 0) {
> ret = cluster_offset;
> goto fail;
> }
>
> /* save info needed for meta data update */
> m->offset = offset;
> m->n_start = n_start;
> m->nb_clusters = nb_clusters;
>
>
> current metadata (m) get inserted in cluster allocation list with
> nb_clusters set to 0. Loop on cluster_allocs "ignore" (wait for this
> allocation or just skip it depending on dirty data in offset field)
> this metadata. Currently all occur in a CoMutex so this does not cause
> problems but in case qcow2_alloc_clusters unlock the mutex it can
> occur to insert two overlapping updates into cluster_allocs. Perhaps a
> better order would be
>
>
> /* save info needed for meta data update */
> m->offset = offset;
> m->n_start = n_start;
> m->nb_clusters = nb_clusters;
>
> QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
>
> /* allocate a new cluster */
>
> cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
> if (cluster_offset < 0) {
> ret = cluster_offset;
> goto fail;
> }
>
>
> (tested successfully with iotests suite)
Yes, that makes sense. Once we run this code without holding the
CoMutex, this becomes a real problem. Care to send a patch?
Kevin