From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org, peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL 18/18] block/nfs: fix mutex assertion in nfs_file_close()
Date: Tue, 8 Aug 2017 15:58:38 +0200
Message-ID: <20170808135838.11525-19-kwolf@redhat.com>
In-Reply-To: <20170808135838.11525-1-kwolf@redhat.com>

From: Jeff Cody <jcody@redhat.com>

Commit c096358e747e88fc7364e40e3c354ee0bb683960 introduced assertion
checks for when qemu_mutex() functions are called without the
corresponding qemu_mutex_init() having initialized the mutex.

This uncovered a latent bug in qemu's nfs driver - in
nfs_client_close(), the NFSClient structure is overwritten with zeros,
prior to the mutex being destroyed.

Go ahead and destroy the mutex in nfs_client_close(), and change where
we call qemu_mutex_init() so that it is correctly balanced.

There are also a couple of memory leaks obscured by the memset, so this
fixes those as well.

Finally, we should be able to get rid of the memset(), as it isn't
necessary.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/nfs.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/block/nfs.c b/block/nfs.c
index d8db419957..bec16b72a6 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -433,19 +433,23 @@ static void nfs_client_close(NFSClient *client)
     if (client->context) {
         if (client->fh) {
             nfs_close(client->context, client->fh);
+            client->fh = NULL;
         }
         aio_set_fd_handler(client->aio_context, nfs_get_fd(client->context),
                            false, NULL, NULL, NULL, NULL);
         nfs_destroy_context(client->context);
+        client->context = NULL;
     }
-    memset(client, 0, sizeof(NFSClient));
+    g_free(client->path);
+    qemu_mutex_destroy(&client->mutex);
+    qapi_free_NFSServer(client->server);
+    client->server = NULL;
 }
 
 static void nfs_file_close(BlockDriverState *bs)
 {
     NFSClient *client = bs->opaque;
     nfs_client_close(client);
-    qemu_mutex_destroy(&client->mutex);
 }
 
 static NFSServer *nfs_config(QDict *options, Error **errp)
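Review bot: In nfs_client_close(), client->path is freed with g_free() but not reset to NULL, while fh, context and server are all cleared in the same hunk. With the memset() gone, a second call on the same NFSClient would free path again and call qemu_mutex_destroy() on an already destroyed mutex. Suggest adding "client->path = NULL;" after the g_free(), and either guarding the mutex destroy or adding a comment that nfs_client_close() must run exactly once per nfs_client_open().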
@@ -498,6 +502,7 @@ static int64_t nfs_client_open(NFSClient *client, QDict *options,
     struct stat st;
     char *file = NULL, *strp = NULL;
 
+    qemu_mutex_init(&client->mutex);
     opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
     qemu_opts_absorb_qdict(opts, options, &local_err);
     if (local_err) {
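Review bot: qemu_mutex_init() now runs before qemu_opts_absorb_qdict() and the "if (local_err)" branch in nfs_client_open(), so every failure exit from this function leaves an initialized mutex behind. The failure path is not visible in this hunk; please confirm it ends in nfs_client_close(), which is now the only place the mutex is destroyed. A short comment next to the init saying it is paired with the destroy in nfs_client_close() would make the balance obvious to the next reader.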
@@ -660,7 +665,7 @@ static int nfs_file_open(BlockDriverState *bs, QDict *options, int flags,
     if (ret < 0) {
         return ret;
     }
-    qemu_mutex_init(&client->mutex);
+
     bs->total_sectors = ret;
     ret = 0;
     return ret;
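Review bot: The "if (ret < 0) return ret;" path in nfs_file_open() does no cleanup of its own, and after this change the mutex has already been initialized by the time it is taken. That is fine only as long as nfs_client_open() tears the client down itself on failure; a one-line comment at this return stating that would document the dependency. Minor style point: the removed line is replaced by an empty added line, which could simply be dropped.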
-- 
2.13.4
