[PATCH 1/7] block/nbd: avoid touching freed connect_thread
From: Roman Kagan
Subject: [PATCH 1/7] block/nbd: avoid touching freed connect_thread
Date: Mon, 15 Mar 2021 09:06:05 +0300
When the NBD connection is being torn down, the connection thread gets
canceled and "detached", meaning it is about to get freed.
If this happens while the connection coroutine yielded waiting for the
connection thread to complete, when it resumes it may access the
invalidated connection thread data.
To prevent this, revalidate the ->connect_thread pointer in
nbd_co_establish_connection_cancel before using it after the yield.
Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru>
---
block/nbd.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/block/nbd.c b/block/nbd.c
index c26dc5a54f..447d176b76 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -486,6 +486,15 @@ nbd_co_establish_connection(BlockDriverState *bs, Error
**errp)
s->wait_connect = true;
qemu_coroutine_yield();
+ /*
+ * If nbd_co_establish_connection_cancel had a chance to run it may have
+ * invalidated ->connect_thread.
+ */
+ thr = s->connect_thread;
+ if (!thr) {
+ return -ECONNABORTED;
+ }
+
qemu_mutex_lock(&thr->mutex);
switch (thr->state) {
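Review bot: the new early return `return -ECONNABORTED;` leaves `errp` untouched even though the hunk header shows the function takes `Error **errp`; a caller that reports the failure through `errp` would then see a NULL error for this path, so consider adding an `error_setg(errp, ...)` (e.g. noting that the connection was cancelled) before the return. A smaller documentation point: the commit message says the pointer is revalidated "in nbd_co_establish_connection_cancel", but the check here lives in nbd_co_establish_connection after the yield, with the cancel function only named in the comment as the reason `->connect_thread` may have become NULL; the message should name the function the check is actually added to.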
--
2.30.2