qemu-e2k/block
Hanna Reitz b1e1af394d block/stream: Drain subtree around graph change
When the stream block job cuts out the nodes between top and base in
stream_prepare(), it does not drain the subtree manually; it fetches the
base node, and tries to insert it as the top node's backing node with
bdrv_set_backing_hd().  bdrv_set_backing_hd() however will drain, and so
the actual base node might change (because the base node is actually not
part of the stream job) before the old base node passed to
bdrv_set_backing_hd() is installed.

This has two implications:

First, the stream job does not keep a strong reference to the base node.
Therefore, if it is deleted in bdrv_set_backing_hd()'s drain (e.g.
because some other block job is drained to finish), we will get a
use-after-free.  We should keep a strong reference to that node.

Second, even with such a strong reference, the problem remains that the
base node might change before bdrv_set_backing_hd() actually runs and as
a result the wrong base node is installed.

Both effects can be seen in 030's TestParallelOps.test_overlapping_5()
case, which has five nodes, and simultaneously streams from the middle
node to the top node, and commits the middle node down to the base node.
As it is, this will sometimes crash, namely when we encounter the
above-described use-after-free.

Taking a strong reference to the base node, we no longer get a crash,
but the resuling block graph is less than ideal: The expected result is
obviously that all middle nodes are cut out and the base node is the
immediate backing child of the top node.  However, if stream_prepare()
takes a strong reference to its base node (the middle node), and then
the commit job finishes in bdrv_set_backing_hd(), supposedly dropping
that middle node, the stream job will just reinstall it again.

Therefore, we need to keep the whole subtree drained in
stream_prepare(), so that the graph modification it performs is
effectively atomic, i.e. that the base node it fetches is still the base
node when bdrv_set_backing_hd() sets it as the top node's backing node.

Verify this by asserting in said 030's test case that the base node is
always the top node's immediate backing child when both jobs are done.

Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220324140907.17192-1-hreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Vladimir Sementsov-Ogievskiy <v.sementsov-og@mail.ru>
2022-03-29 16:30:55 +02:00
..
export osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
monitor block/dirty-bitmap: bdrv_merge_dirty_bitmap(): add return value 2022-03-07 09:33:30 +01:00
accounting.c
aio_task.c block/aio_task: assert max_busy_tasks is greater than 0 2021-10-05 18:56:41 +02:00
amend.c block/amend: Keep strong reference to BDS 2022-03-04 18:18:26 +01:00
backup.c assertions for block_int global state API 2022-03-04 18:18:25 +01:00
blkdebug.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blklogwrites.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blkreplay.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blkverify.c Replace GCC_FMT_ATTR with G_GNUC_PRINTF 2022-03-22 14:40:51 +04:00
block-backend.c block/coroutines: I/O and "I/O or GS" API 2022-03-04 18:18:25 +01:00
block-copy.c target-arm queue: 2022-03-08 15:26:10 +00:00
block-gen.h
bochs.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
cloop.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
commit.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
copy-before-write.c block: copy-before-write: realize snapshot-access API 2022-03-07 09:33:31 +01:00
copy-before-write.h block/copy-before-write.h: global state API + assertions 2022-03-04 18:18:25 +01:00
copy-on-read.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
copy-on-read.h copy-on-read: add filter drop function 2021-01-26 11:26:54 +01:00
coroutines.h block/coroutines: I/O and "I/O or GS" API 2022-03-04 18:18:25 +01:00
create.c block_int-common.h: assertions in the callers of BlockDriver function pointers 2022-03-04 18:18:25 +01:00
crypto.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
crypto.h
curl.c block/curl.c: Check error return from curl_easy_setopt() 2022-03-07 09:19:20 +01:00
dirty-bitmap.c block/dirty-bitmap: introduce bdrv_dirty_bitmap_status() 2022-03-07 09:33:30 +01:00
dmg-bz2.c
dmg-lzfse.c
dmg.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
dmg.h
file-posix.c block/file-posix: Remove a deprecation warning on macOS 12 2022-03-15 13:36:33 +01:00
file-win32.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
filter-compress.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
gluster.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
io_uring.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
io.c target-arm queue: 2022-03-08 15:26:10 +00:00
iscsi-opts.c modules: add block module annotations 2021-07-09 18:20:27 +02:00
iscsi.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
linux-aio.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
meson.build block: introduce snapshot-access block driver 2022-03-07 09:33:31 +01:00
mirror.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
nbd.c block/nbd.c: Fixed IO request coroutine not being wakeup when kill NBD server 2022-03-21 15:21:09 -05:00
nfs.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
null.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
nvme.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
parallels-ext.c block: Fix misleading hexadecimal format 2022-03-24 10:38:42 +00:00
parallels.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
parallels.h parallels: support bitmap extension for read-only mode 2021-03-08 14:56:55 +01:00
preallocate.c block: fix preallocate filter: don't do unaligned preallocate requests 2022-03-07 09:19:20 +01:00
progress_meter.c progressmeter: protect with a mutex 2021-06-25 14:24:24 +03:00
qapi-sysemu.c
qapi.c block: use GDateTime for formatting timestamp when dumping snapshot info 2021-06-14 13:28:50 +01:00
qcow2-bitmap.c nbd patches for 2021-03-09 2021-03-11 13:57:08 +00:00
qcow2-cache.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qcow2-cluster.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qcow2-refcount.c compiler.h: replace QEMU_WARN_UNUSED_RESULT with G_GNUC_WARN_UNUSED_RESULT 2022-03-22 14:40:51 +04:00
qcow2-snapshot.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qcow2-threads.c
qcow2.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qcow2.h Replace GCC_FMT_ATTR with G_GNUC_PRINTF 2022-03-22 14:40:51 +04:00
qcow.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qed-check.c
qed-cluster.c
qed-l2-cache.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qed-table.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qed.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qed.h
quorum.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
raw-format.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
rbd.c block/rbd: fix write zeroes with growing images 2022-03-22 09:40:54 +01:00
replication.c job: @force parameter for job_cancel_sync() 2021-10-07 10:42:09 +02:00
reqlist.c block/reqlist: add reqlist_wait_all() 2022-03-07 09:33:30 +01:00
snapshot-access.c block: introduce snapshot-access block driver 2022-03-07 09:33:31 +01:00
snapshot.c include/block/snapshot: global state API + assertions 2022-03-04 18:18:25 +01:00
ssh.c Replace GCC_FMT_ATTR with G_GNUC_PRINTF 2022-03-22 14:40:51 +04:00
stream.c block/stream: Drain subtree around graph change 2022-03-29 16:30:55 +02:00
throttle-groups.c block/throttle-groups: throttle_group_co_io_limits_intercept(): 64bit bytes 2021-02-03 08:14:00 -06:00
throttle.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
trace-events block/nvme: Display CQ/SQ pointer in nvme_free_queue_pair() 2021-11-02 15:49:12 +01:00
trace.h
vdi.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
vhdx-endian.c
vhdx-log.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
vhdx.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
vhdx.h
vmdk.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
vpc.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
vvfat.c vvfat: Fix vvfat_write() for writes before the root directory 2022-01-14 12:03:16 +01:00
win32-aio.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
write-threshold.c write-threshold: deal with includes 2021-05-14 16:14:10 +02:00