qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Suspicious code in qcow2.


From: Kevin Wolf
Subject: Re: [Qemu-devel] Suspicious code in qcow2.
Date: Thu, 08 Sep 2011 10:07:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110816 Thunderbird/6.0

Am 07.09.2011 18:42, schrieb Frediano Ziglio:
> Actually it does not cause problems but this code order seems a bit
> wrong to me (block/qcow2-cluster.c)
> 
> 
>     QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
> 
>     /* allocate a new cluster */
> 
>     cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
>     if (cluster_offset < 0) {
>         ret = cluster_offset;
>         goto fail;
>     }
> 
>     /* save info needed for meta data update */
>     m->offset = offset;
>     m->n_start = n_start;
>     m->nb_clusters = nb_clusters;
> 
> 
> current metadata (m) get inserted in cluster allocation list with
> nb_clusters set to 0. Loop on cluster_allocs "ignore" (wait for this
> allocation or just skip it depending on dirty data in offset field)
> this metadata. Currently all occur in a CoMutex so this does not cause
> problems but in case qcow2_alloc_clusters unlock the mutex it can
> occur to insert two overlapping updates into cluster_allocs. Perhaps a
> better order would be
> 
> 
>     /* save info needed for meta data update */
>     m->offset = offset;
>     m->n_start = n_start;
>     m->nb_clusters = nb_clusters;
> 
>     QLIST_INSERT_HEAD(&s->cluster_allocs, m, next_in_flight);
> 
>     /* allocate a new cluster */
> 
>     cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size);
>     if (cluster_offset < 0) {
>         ret = cluster_offset;
>         goto fail;
>     }
> 
> 
> (tested successfully with iotests suite)

Yes, that makes sense. Once we run this code without holding the
CoMutex, this becomes a real problem. Care to send a patch?

Kevin



reply via email to

[Prev in Thread] Current Thread [Next in Thread]