rpms / qemu-kvm-ma

Clone
Source Code
GIT

Blame SOURCES/kvm-nbd-client-avoid-read_reply_co-entry-if-send-failed.patch

c7 c7-alt c7-beta
  1.   4a2fecc46a7a90f76fded8863922a530409d45cc
  2.   SOURCES
  3.   kvm-nbd-client-avoid-read_reply_co-entry-if-send-failed.patch
Blob History Raw
4a2fec 
From d532d1959bdce14c56e2dd37a5dd013dd7c5ed39 Mon Sep 17 00:00:00 2001
4a2fec 
From: Eric Blake <eblake@redhat.com>
4a2fec 
Date: Fri, 6 Oct 2017 19:24:06 +0200
4a2fec 
Subject: [PATCH 14/34] nbd-client: avoid read_reply_co entry if send failed
4a2fec
4a2fec 
RH-Author: Eric Blake <eblake@redhat.com>
4a2fec 
Message-id: <20171006192409.29915-2-eblake@redhat.com>
4a2fec 
Patchwork-id: 76913
4a2fec 
O-Subject: [RHEV-7.5 qemu-kvm-rhev PATCH 1/4] nbd-client: avoid read_reply_co entry if send failed
4a2fec 
Bugzilla: 1482478
4a2fec 
RH-Acked-by: Max Reitz <mreitz@redhat.com>
4a2fec 
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
4a2fec 
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
4a2fec
4a2fec 
From: Stefan Hajnoczi <stefanha@redhat.com>
4a2fec
4a2fec 
The following segfault is encountered if the NBD server closes the UNIX
4a2fec 
domain socket immediately after negotiation:
4a2fec
4a2fec 
  Program terminated with signal SIGSEGV, Segmentation fault.
4a2fec 
  #0  aio_co_schedule (ctx=0x0, co=0xd3c0ff2ef0) at util/async.c:441
4a2fec 
  441       QSLIST_INSERT_HEAD_ATOMIC(&ctx->scheduled_coroutines,
4a2fec 
  (gdb) bt
4a2fec 
  #0  0x000000d3c01a50f8 in aio_co_schedule (ctx=0x0, co=0xd3c0ff2ef0) at util/async.c:441
4a2fec 
  #1  0x000000d3c012fa90 in nbd_coroutine_end (bs=bs@entry=0xd3c0fec650, request=<optimized out>) at block/nbd-client.c:207
4a2fec 
  #2  0x000000d3c012fb58 in nbd_client_co_preadv (bs=0xd3c0fec650, offset=0, bytes=<optimized out>, qiov=0x7ffc10a91b20, flags=0) at block/nbd-client.c:237
4a2fec 
  #3  0x000000d3c0128e63 in bdrv_driver_preadv (bs=bs@entry=0xd3c0fec650, offset=offset@entry=0, bytes=bytes@entry=512, qiov=qiov@entry=0x7ffc10a91b20, flags=0) at block/io.c:836
4a2fec 
  #4  0x000000d3c012c3e0 in bdrv_aligned_preadv (child=child@entry=0xd3c0ff51d0, req=req@entry=0x7f31885d6e90, offset=offset@entry=0, bytes=bytes@entry=512, align=align@entry=1, qiov=qiov@entry=0x7ffc10a91b20, f
4a2fec 
+lags=0) at block/io.c:1086
4a2fec 
  #5  0x000000d3c012c6b8 in bdrv_co_preadv (child=0xd3c0ff51d0, offset=offset@entry=0, bytes=bytes@entry=512, qiov=qiov@entry=0x7ffc10a91b20, flags=flags@entry=0) at block/io.c:1182
4a2fec 
  #6  0x000000d3c011cc17 in blk_co_preadv (blk=0xd3c0ff4f80, offset=0, bytes=512, qiov=0x7ffc10a91b20, flags=0) at block/block-backend.c:1032
4a2fec 
  #7  0x000000d3c011ccec in blk_read_entry (opaque=0x7ffc10a91b40) at block/block-backend.c:1079
4a2fec 
  #8  0x000000d3c01bbb96 in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:79
4a2fec 
  #9  0x00007f3196cb8600 in __start_context () at /lib64/libc.so.6
4a2fec
4a2fec 
The problem is that nbd_client_init() uses
4a2fec 
nbd_client_attach_aio_context() -> aio_co_schedule(new_context,
4a2fec 
client->read_reply_co).  Execution of read_reply_co is deferred to a BH
4a2fec 
which doesn't run until later.
4a2fec
4a2fec 
In the mean time blk_co_preadv() can be called and nbd_coroutine_end()
4a2fec 
calls aio_wake() on read_reply_co.  At this point in time
4a2fec 
read_reply_co's ctx isn't set because it has never been entered yet.
4a2fec
4a2fec 
This patch simplifies the nbd_co_send_request() ->
4a2fec 
nbd_co_receive_reply() -> nbd_coroutine_end() lifecycle to just
4a2fec 
nbd_co_send_request() -> nbd_co_receive_reply().  The request is "ended"
4a2fec 
if an error occurs at any point.  Callers no longer have to invoke
4a2fec 
nbd_coroutine_end().
4a2fec
4a2fec 
This cleanup also eliminates the segfault because we don't call
4a2fec 
aio_co_schedule() to wake up s->read_reply_co if sending the request
4a2fec 
failed.  It is only necessary to wake up s->read_reply_co if a reply was
4a2fec 
received.
4a2fec
4a2fec 
Note this only happens with UNIX domain sockets on Linux.  It doesn't
4a2fec 
seem possible to reproduce this with TCP sockets.
4a2fec
4a2fec 
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
4a2fec 
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4a2fec 
Message-Id: <20170829122745.14309-2-stefanha@redhat.com>
4a2fec 
Signed-off-by: Eric Blake <eblake@redhat.com>
4a2fec 
(cherry picked from commit 3c2d5183f9fa4eac3d17d841e26da65a0181ae7b)
4a2fec 
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
4a2fec 
---
4a2fec 
 block/nbd-client.c | 25 +++++++++----------------
4a2fec 
 1 file changed, 9 insertions(+), 16 deletions(-)
4a2fec
4a2fec 
diff --git a/block/nbd-client.c b/block/nbd-client.c
4a2fec 
index 25bcaa2..ea728ff 100644
4a2fec 
--- a/block/nbd-client.c
4a2fec 
+++ b/block/nbd-client.c
4a2fec 
@@ -144,12 +144,12 @@ static int nbd_co_send_request(BlockDriverState *bs,
4a2fec 
     request->handle = INDEX_TO_HANDLE(s, i);
4a2fec
4a2fec 
     if (s->quit) {
4a2fec 
-        qemu_co_mutex_unlock(&s->send_mutex);
4a2fec 
-        return -EIO;
4a2fec 
+        rc = -EIO;
4a2fec 
+        goto err;
4a2fec 
     }
4a2fec 
     if (!s->ioc) {
4a2fec 
-        qemu_co_mutex_unlock(&s->send_mutex);
4a2fec 
-        return -EPIPE;
4a2fec 
+        rc = -EPIPE;
4a2fec 
+        goto err;
4a2fec 
     }
4a2fec
4a2fec 
     if (qiov) {
4a2fec 
@@ -166,8 +166,13 @@ static int nbd_co_send_request(BlockDriverState *bs,
4a2fec 
     } else {
4a2fec 
         rc = nbd_send_request(s->ioc, request);
4a2fec 
     }
4a2fec 
+
4a2fec 
+err:
4a2fec 
     if (rc < 0) {
4a2fec 
         s->quit = true;
4a2fec 
+        s->requests[i].coroutine = NULL;
4a2fec 
+        s->in_flight--;
4a2fec 
+        qemu_co_queue_next(&s->free_sema);
4a2fec 
     }
4a2fec 
     qemu_co_mutex_unlock(&s->send_mutex);
4a2fec 
     return rc;
4a2fec 
@@ -201,13 +206,6 @@ static void nbd_co_receive_reply(NBDClientSession *s,
4a2fec 
         /* Tell the read handler to read another header.  */
4a2fec 
         s->reply.handle = 0;
4a2fec 
     }
4a2fec 
-}
4a2fec 
-
4a2fec 
-static void nbd_coroutine_end(BlockDriverState *bs,
4a2fec 
-                              NBDRequest *request)
4a2fec 
-{
4a2fec 
-    NBDClientSession *s = nbd_get_client_session(bs);
4a2fec 
-    int i = HANDLE_TO_INDEX(s, request->handle);
4a2fec
4a2fec 
     s->requests[i].coroutine = NULL;
4a2fec
4a2fec 
@@ -243,7 +241,6 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t offset,
4a2fec 
     } else {
4a2fec 
         nbd_co_receive_reply(client, &request, &reply, qiov);
4a2fec 
     }
4a2fec 
-    nbd_coroutine_end(bs, &request);
4a2fec 
     return -reply.error;
4a2fec 
 }
4a2fec
4a2fec 
@@ -272,7 +269,6 @@ int nbd_client_co_pwritev(BlockDriverState *bs, uint64_t offset,
4a2fec 
     } else {
4a2fec 
         nbd_co_receive_reply(client, &request, &reply, NULL);
4a2fec 
     }
4a2fec 
-    nbd_coroutine_end(bs, &request);
4a2fec 
     return -reply.error;
4a2fec 
 }
4a2fec
4a2fec 
@@ -306,7 +302,6 @@ int nbd_client_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset,
4a2fec 
     } else {
4a2fec 
         nbd_co_receive_reply(client, &request, &reply, NULL);
4a2fec 
     }
4a2fec 
-    nbd_coroutine_end(bs, &request);
4a2fec 
     return -reply.error;
4a2fec 
 }
4a2fec
4a2fec 
@@ -330,7 +325,6 @@ int nbd_client_co_flush(BlockDriverState *bs)
4a2fec 
     } else {
4a2fec 
         nbd_co_receive_reply(client, &request, &reply, NULL);
4a2fec 
     }
4a2fec 
-    nbd_coroutine_end(bs, &request);
4a2fec 
     return -reply.error;
4a2fec 
 }
4a2fec
4a2fec 
@@ -355,7 +349,6 @@ int nbd_client_co_pdiscard(BlockDriverState *bs, int64_t offset, int bytes)
4a2fec 
     } else {
4a2fec 
         nbd_co_receive_reply(client, &request, &reply, NULL);
4a2fec 
     }
4a2fec 
-    nbd_coroutine_end(bs, &request);
4a2fec 
     return -reply.error;
4a2fec
4a2fec 
 }
4a2fec 
--
4a2fec 
1.8.3.1
4a2fec

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation