qemu/block
Fam Zheng 178bd438af block: Walk bs->children carefully in bdrv_drain_recurse
The recursive bdrv_drain_recurse may run a block job completion BH that
drops nodes. The coming changes will make that more likely and use-after-free
would happen without this patch

Stash the bs pointer and use bdrv_ref/bdrv_unref in addition to
QLIST_FOREACH_SAFE to prevent such a case from happening.

Since bdrv_unref accesses global state that is not protected by the AioContext
lock, we cannot use bdrv_ref/bdrv_unref unconditionally.  Fortunately the
protection is not needed in IOThread because only main loop can modify a graph
with the AioContext lock held.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20170418143044.12187-2-famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Tested-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
2017-04-18 22:56:28 +08:00
..
Makefile.objs block: Drop unmaintained 'archipelago' driver 2017-03-13 12:49:33 +01:00
accounting.c block: Clean up includes 2016-01-20 13:36:23 +01:00
backup.c backup: React to bdrv_is_allocated() errors 2017-03-13 12:49:33 +01:00
blkdebug.c block: Request child permissions in filter drivers 2017-02-28 20:40:36 +01:00
blkreplay.c block: Request child permissions in filter drivers 2017-02-28 20:40:36 +01:00
blkverify.c block: Request child permissions in filter drivers 2017-02-28 20:40:36 +01:00
block-backend.c throttle: Remove block from group on hot-unplug 2017-04-11 15:33:00 +02:00
bochs.c block: Request child permissions in format drivers 2017-02-28 20:40:36 +01:00
cloop.c block: Request child permissions in format drivers 2017-02-28 20:40:36 +01:00
commit.c commit: Set commit_top_bs->total_sectors 2017-04-07 14:44:05 +02:00
crypto.c block: Request child permissions in format drivers 2017-02-28 20:40:36 +01:00
curl.c block/curl: Check protocol prefix 2017-03-31 15:53:22 -04:00
dirty-bitmap.c block: More operations for meta dirty bitmap 2016-10-24 17:56:07 +02:00
dmg-bz2.c dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
dmg.c block: Request child permissions in format drivers 2017-02-28 20:40:36 +01:00
dmg.h dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
file-posix.c block: Document -drive problematic code and bugs 2017-04-03 17:11:39 +02:00
file-win32.c block: Rename raw-{posix,win32} to file-*.c 2017-01-09 13:30:53 +01:00
gluster.c qapi-schema: SocketAddressFlat variants 'vsock' and 'fd' 2017-04-03 17:11:39 +02:00
io.c block: Walk bs->children carefully in bdrv_drain_recurse 2017-04-18 22:56:28 +08:00
iscsi-opts.c block/iscsi: statically link qemu_iscsi_opts 2017-01-27 18:07:58 +01:00
iscsi.c iscsi: Fix iscsi_create 2017-04-11 15:33:00 +02:00
linux-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
mirror.c mirror: Fix aio context of mirror_top_bs 2017-04-07 14:44:06 +02:00
nbd-client.c nbd-client: fix handling of hungup connections 2017-03-27 16:50:36 +02:00
nbd-client.h nbd: drop unused NBDClientSession.is_unix field 2017-03-27 14:41:01 +02:00
nbd.c * MemoryRegionCache revert 2017-04-04 11:40:55 +01:00
nfs.c block: Document -drive problematic code and bugs 2017-04-03 17:11:39 +02:00
null.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
parallels.c block/parallels: Avoid overflows 2017-04-03 17:11:40 +02:00
qapi.c block: Don't bother asserting type of output visitor's output 2017-02-22 19:52:20 +01:00
qcow.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
qcow2-cache.c qcow2: Remove stale comment 2016-11-25 13:51:30 +01:00
qcow2-cluster.c qcow2: Discard unaligned tail when wiping image 2017-04-03 17:11:40 +02:00
qcow2-refcount.c block: Pass BdrvChild to bdrv_truncate() 2017-02-24 16:09:23 +01:00
qcow2-snapshot.c block: Convert bdrv_pwrite(v/_sync) to BdrvChild 2016-07-05 16:46:27 +02:00
qcow2.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
qcow2.h qcow2: Optimize the refcount-block overlap check 2017-02-12 00:47:43 +01:00
qed-check.c qed: Use DIV_ROUND_UP 2016-06-07 18:19:24 +03:00
qed-cluster.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
qed-gencb.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-l2-cache.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-table.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
qed.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
qed.h block: explicitly acquire aiocontext in timers that need it 2017-02-21 11:14:08 +00:00
quorum.c block: Request child permissions in filter drivers 2017-02-28 20:40:36 +01:00
raw-format.c block: Request child permissions in filter drivers 2017-02-28 20:40:36 +01:00
rbd.c block: Document -drive problematic code and bugs 2017-04-03 17:11:39 +02:00
replication.c replication: clarify permissions 2017-03-17 12:54:06 +01:00
sheepdog.c sheepdog: Fix crash in co_read_response() 2017-04-11 16:08:29 +01:00
snapshot.c block: pass the right options for BlockDriver.bdrv_open() 2017-04-11 15:33:00 +02:00
ssh.c block: Document -drive problematic code and bugs 2017-04-03 17:11:39 +02:00
stream.c block: Add Error parameter to bdrv_set_backing_hd() 2017-02-28 20:47:51 +01:00
throttle-groups.c coroutine-lock: add mutex argument to CoQueue APIs 2017-02-21 11:39:40 +00:00
trace-events trace: clean up trace-events files 2017-01-31 17:12:15 +00:00
vdi.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
vhdx-endian.c vhdx: Use QEMU UUID API 2016-09-23 11:42:52 +08:00
vhdx-log.c block: Pass BdrvChild to bdrv_truncate() 2017-02-24 16:09:23 +01:00
vhdx.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
vhdx.h block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec 2014-12-12 15:42:22 +00:00
vmdk.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
vpc.c block: Add BDRV_O_RESIZE for blk_new_open() 2017-02-28 20:40:36 +01:00
vvfat.c vvfat: React to bdrv_is_allocated() errors 2017-03-13 12:49:33 +01:00
win32-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
write-threshold.c block: use bdrv_add_before_write_notifier 2016-10-07 13:34:07 +02:00