qemu/block
Stefan Hajnoczi bc19a0a6e4 throttle-groups: fix restart coroutine iothread race
The following QMP command leads to a crash when iothreads are used:

  { 'execute': 'device_del', 'arguments': {'id': 'data'} }

The backtrace involves the queue restart coroutine where
tgm->throttle_state is a NULL pointer because
throttle_group_unregister_tgm() has already been called:

  (gdb) bt full
  #0  0x00005585a7a3b378 in qemu_mutex_lock_impl (mutex=0xffffffffffffffd0, file=0x5585a7bb3d54 "block/throttle-groups.c", line=412) at util/qemu-thread-posix.c:64
        err = <optimized out>
        __PRETTY_FUNCTION__ = "qemu_mutex_lock_impl"
        __func__ = "qemu_mutex_lock_impl"
  #1  0x00005585a79be074 in throttle_group_restart_queue_entry (opaque=0x5585a9de4eb0) at block/throttle-groups.c:412
        _f = <optimized out>
        data = 0x5585a9de4eb0
        tgm = 0x5585a9079440
        ts = 0x0
        tg = 0xffffffffffffff98
        is_write = false
        empty_queue = 255

This coroutine should not execute in the iothread after the throttle
group member has been unregistered!

The root cause is that the device_del code path schedules the restart
coroutine in the iothread while holding the AioContext lock.  Therefore
the iothread cannot execute the coroutine until after device_del
releases the lock - by this time it's too late.

This patch adds a reference count to ThrottleGroupMember so we can
synchronously wait for restart coroutines to complete.  Once they are
done it is safe to unregister the ThrottleGroupMember.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 20190114133257.30299-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 10:02:28 +00:00
..
Makefile.objs configure: adding support to lzfse library. 2018-12-14 11:52:40 +01:00
accounting.c block/accounting: introduce latency histogram 2018-03-19 14:58:37 -05:00
backup.c Revert "hbitmap: Add @advance param to hbitmap_iter_next()" 2019-01-15 18:26:50 -05:00
blkdebug.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
blklogwrites.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
blkreplay.c trivial: Make bios files and source files non-executable 2018-09-25 17:26:18 +02:00
blkverify.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
block-backend.c block: Null pointer dereference in blk_root_get_parent_desc() 2018-11-12 17:49:21 +01:00
bochs.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
cloop.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
commit.c block: Use bdrv_reopen_set_read_only() in bdrv_commit() 2018-12-14 11:55:01 +01:00
copy-on-read.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
create.c jobs: utilize job_exit shim 2018-08-31 16:28:33 +02:00
crypto.c crypto: support multiple threads accessing one QCryptoBlock 2018-12-12 11:16:49 +00:00
crypto.h block/crypto: Simplify block_crypto_{open,create}_opts_init() 2018-06-29 14:20:56 +02:00
curl.c curl: Support auto-read-only option 2018-11-05 15:09:55 +01:00
dirty-bitmap.c Revert "hbitmap: Add @advance param to hbitmap_iter_next()" 2019-01-15 18:26:50 -05:00
dmg-bz2.c dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
dmg-lzfse.c block: adding lzfse decompressing support as a module. 2018-12-14 11:52:40 +01:00
dmg.c dmg: don't skip zero chunk 2019-01-04 11:15:09 +00:00
dmg.h dmg: including dmg-lzfse module inside dmg block driver. 2018-12-14 11:52:40 +01:00
file-posix.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
file-win32.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
gluster.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
io.c block: Use a single global AioWait 2018-09-25 15:50:15 +02:00
iscsi-opts.c Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
iscsi.c block: Work-around a bug in libiscsi 1.9.0 when used in gnu99 mode 2019-01-22 06:26:32 +01:00
linux-aio.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
mirror.c block/mirror: fix and improve do_sync_target_write 2019-01-15 18:26:50 -05:00
nbd-client.c nbd/client: Change signature of nbd_negotiate_simple_meta_context() 2019-01-21 15:49:52 -06:00
nbd-client.h nbd/client: Add x-dirty-bitmap to query bitmap from server 2018-07-02 15:27:38 -05:00
nbd.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
nfs.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
null.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
nvme.c block/nvme: optimize the performance of nvme driver based on vfio-pci 2019-01-09 09:38:34 +08:00
parallels.c parallels: Switch to byte-based calls 2018-06-29 14:20:56 +02:00
parallels.h Clean up includes 2018-02-09 05:05:11 +01:00
qapi.c block/qapi: Fix memory leak in qmp_query_blockstats() 2018-08-15 12:50:39 +02:00
qcow.c crypto: support multiple threads accessing one QCryptoBlock 2018-12-12 11:16:49 +00:00
qcow2-bitmap.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
qcow2-cache.c qcow2: Allow configuring the L2 slice size 2018-02-13 17:00:00 +01:00
qcow2-cluster.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
qcow2-refcount.c qcow2: Don't allow overflow during cluster allocation 2018-11-19 12:51:40 +01:00
qcow2-snapshot.c block: use local path for local headers 2018-05-31 04:16:06 +03:00
qcow2.c qcow2: do decompression in threads 2018-12-14 11:52:41 +01:00
qcow2.h qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
qed-check.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed.c error: Fix use of error_prepend() with &error_fatal, &error_abort 2018-10-19 14:51:34 +02:00
qed.h qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
quorum.c quorum: Forbid adding children in blkverify mode 2018-11-05 15:09:54 +01:00
raw-format.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
rbd.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
replication.c block: Remove flags parameter from bdrv_reopen_queue() 2018-12-14 11:55:02 +01:00
sheepdog.c block/sheepdog: Use QEMU_NONSTRING for non NUL-terminated arrays 2019-01-17 21:10:57 -05:00
snapshot.c block: make .bdrv_close optional 2018-08-15 12:50:39 +02:00
ssh.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
stream.c block: Use bdrv_reopen_set_read_only() in stream_start/complete() 2018-12-14 11:55:02 +01:00
throttle-groups.c throttle-groups: fix restart coroutine iothread race 2019-01-24 10:02:28 +00:00
throttle.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
trace-events block/nbd-client: use traces instead of noisy error_report_err 2019-01-04 17:34:58 -06:00
vdi.c vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE 2018-11-05 15:28:48 +01:00
vhdx-endian.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx-log.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx.h qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
vmdk.c vmdk: align end of file to a sector boundary 2018-09-26 10:47:18 +08:00
vpc.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
vvfat.c vvfat: Fix memory leak 2018-11-19 12:51:40 +01:00
vxhs.c block: Add block-specific QDict header 2018-06-15 14:49:44 +02:00
win32-aio.c file-win32: Switch to byte-based callbacks 2018-05-15 16:11:41 +02:00
write-threshold.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00