[PATCH 0/3] backup-top: Don't crash on post-finalize accesses

[Max Reitz]

Hi,

After job-finalize, the backup-top node generally stays around.  That’s
quite a problem, because its BlockCopyState is already freed then, and
it has no filtered child.  We really want the node to be gone.

The only reference that realistically can keep it alive is that of the
backup job (though block_job_add_bdrv() called by block_job_create()).
Dropping that reference before bdrv_backup_top_drop() should[1] ensure
bdrv_backup_top_drop() will delete the node.

[1]: bdrv_backup_top_drop() replaces the backup-top node by its filtered
     child, which detaches all parents from backup-top but the ones with
     .stay_at_node set.  The only parent that does this is a block job.
     I don’t think nodes can be in use by multiple block jobs at once,
     so the only parent with .stay_at_node set can be backup-top’s own
     backup job.


Patch 2 is there kind of as a failsafe, and kind of because it just made
sense to me, even if it won’t do anything.


Max Reitz (3):
  backup: Remove nodes from job in .clean()
  backup-top: Refuse I/O in inactive state
  iotests/283: Check that finalize drops backup-top

 block/backup-top.c         | 10 +++++++
 block/backup.c             |  1 +
 tests/qemu-iotests/283     | 55 ++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/283.out | 15 +++++++++++
 4 files changed, 81 insertions(+)

-- 
2.29.2