178bd438af
The recursive bdrv_drain_recurse may run a block job completion BH that drops nodes. The coming changes will make that more likely and use-after-free would happen without this patch Stash the bs pointer and use bdrv_ref/bdrv_unref in addition to QLIST_FOREACH_SAFE to prevent such a case from happening. Since bdrv_unref accesses global state that is not protected by the AioContext lock, we cannot use bdrv_ref/bdrv_unref unconditionally. Fortunately the protection is not needed in IOThread because only main loop can modify a graph with the AioContext lock held. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <20170418143044.12187-2-famz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Tested-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> |
||
|---|---|---|
| .. | ||
| accounting.c | ||
| backup.c | ||
| blkdebug.c | ||
| blkreplay.c | ||
| blkverify.c | ||
| block-backend.c | ||
| bochs.c | ||
| cloop.c | ||
| commit.c | ||
| crypto.c | ||
| curl.c | ||
| dirty-bitmap.c | ||
| dmg-bz2.c | ||
| dmg.c | ||
| dmg.h | ||
| file-posix.c | ||
| file-win32.c | ||
| gluster.c | ||
| io.c | ||
| iscsi-opts.c | ||
| iscsi.c | ||
| linux-aio.c | ||
| Makefile.objs | ||
| mirror.c | ||
| nbd-client.c | ||
| nbd-client.h | ||
| nbd.c | ||
| nfs.c | ||
| null.c | ||
| parallels.c | ||
| qapi.c | ||
| qcow2-cache.c | ||
| qcow2-cluster.c | ||
| qcow2-refcount.c | ||
| qcow2-snapshot.c | ||
| qcow2.c | ||
| qcow2.h | ||
| qcow.c | ||
| qed-check.c | ||
| qed-cluster.c | ||
| qed-gencb.c | ||
| qed-l2-cache.c | ||
| qed-table.c | ||
| qed.c | ||
| qed.h | ||
| quorum.c | ||
| raw-format.c | ||
| rbd.c | ||
| replication.c | ||
| sheepdog.c | ||
| snapshot.c | ||
| ssh.c | ||
| stream.c | ||
| throttle-groups.c | ||
| trace-events | ||
| vdi.c | ||
| vhdx-endian.c | ||
| vhdx-log.c | ||
| vhdx.c | ||
| vhdx.h | ||
| vmdk.c | ||
| vpc.c | ||
| vvfat.c | ||
| win32-aio.c | ||
| write-threshold.c | ||