From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, psyhomb@gmail.com, michael@weiser.dinsnail.net, vsementsov@virtuozzo.com, den@virtuozzo.com, qemu-devel@nongnu.org, qemu-stable@nongnu.org, dgilbert@redhat.com, mreitz@redhat.com, lersek@redhat.com
Subject: [PATCH v2 1/2] coroutine: Add qemu_co_mutex_assert_locked()
Date: Thu, 24 Oct 2019 16:26:57 +0200
Message-Id: <20191024142658.22306-2-kwolf@redhat.com>
In-Reply-To: <20191024142658.22306-1-kwolf@redhat.com>
References: <20191024142658.22306-1-kwolf@redhat.com>
Content-Transfer-Encoding: quoted-printable

Some functions require that the caller holds a certain CoMutex for them to operate correctly. Add a function so that they can assert the lock is really held.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf
Reviewed-by: Denis V. Lunev
Reviewed-by: Max Reitz
Reviewed-by: Vladimir Sementsov-Ogievskiy
Tested-by: Michael Weiser
---
 include/qemu/coroutine.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h index 9801e7f5a4..f4843b5f59 100644 --- a/include/qemu/coroutine.h +++ b/include/qemu/coroutine.h 
@@ -167,6 +167,21 @@ void coroutine_fn qemu_co_mutex_lock(CoMutex *mutex); */ void coroutine_fn qemu_co_mutex_unlock(CoMutex *mutex); =20 +/** + * Assert that the current coroutine holds @mutex. + */ +static inline coroutine_fn void qemu_co_mutex_assert_locked(CoMutex *mutex) +{ + /* + * mutex->holder doesn't need any synchronisation if the assertion hol= ds + * true because the mutex protects it. If it doesn't hold true, we sti= ll + * don't mind if another thread takes or releases mutex behind our bac= k, + * because the condition will be false no matter whether we read NULL = or + * the pointer for any other coroutine. + */ + assert(atomic_read(&mutex->locked) && + mutex->holder =3D=3D qemu_coroutine_self()); +} =20 /** * CoQueues are a mechanism to queue coroutines in order to continue execu= ting --=20 2.20.1
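
Review bot: the comment inside qemu_co_mutex_assert_locked() justifies only the unsynchronised read of mutex->holder; it does not say what the atomic_read(&mutex->locked) operand of the assertion adds. If holder is reset whenever the mutex is released, the comparison `mutex->holder == qemu_coroutine_self()` is sufficient on its own and the first operand can go; if holder can be stale, the comment should say so, because its "read NULL or the pointer for any other coroutine" argument then no longer covers every case. Minor style point on the same function: the declarations in the context lines put the return type first (`void coroutine_fn qemu_co_mutex_lock(...)`), while the new one reads `static inline coroutine_fn void`; matching the existing order keeps the header consistent.
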
From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, psyhomb@gmail.com, michael@weiser.dinsnail.net, vsementsov@virtuozzo.com, den@virtuozzo.com, qemu-devel@nongnu.org, qemu-stable@nongnu.org, dgilbert@redhat.com, mreitz@redhat.com, lersek@redhat.com
Subject: [PATCH v2 2/2] qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation()
Date: Thu, 24 Oct 2019 16:26:58 +0200
Message-Id: <20191024142658.22306-3-kwolf@redhat.com>
In-Reply-To: <20191024142658.22306-1-kwolf@redhat.com>
References: <20191024142658.22306-1-kwolf@redhat.com>
Content-Transfer-Encoding: quoted-printable

qcow2_detect_metadata_preallocation() calls qcow2_get_refcount() which requires s->lock to be taken to protect its accesses to the refcount table and refcount blocks. However, nothing in this code path actually took the lock. This could cause the same cache entry to be used by two requests at the same time, for different tables at different offsets, resulting in image corruption.

As it would be preferable to base the detection on consistent data (even though it's just heuristics), let's take the lock not only around the qcow2_get_refcount() calls, but around the whole function.

This patch takes the lock in qcow2_co_block_status() earlier and asserts in qcow2_detect_metadata_preallocation() that we hold the lock.

Fixes: 69f47505ee66afaa513305de0c1895a224e52c45
Cc: qemu-stable@nongnu.org
Reported-by: Michael Weiser
Signed-off-by: Kevin Wolf
Reviewed-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Max Reitz
Tested-by: Michael Weiser
---
 block/qcow2-refcount.c | 2 ++
 block/qcow2.c | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index ef965d7895..0d64bf5a5e 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -3455,6 +3455,8 @@ int qcow2_detect_metadata_preallocation(BlockDriverSt= ate *bs) int64_t i, end_cluster, cluster_count =3D 0, threshold; int64_t file_length, real_allocation, real_clusters; =20 + qemu_co_mutex_assert_locked(&s->lock); + file_length =3D bdrv_getlength(bs->file->bs); if (file_length < 0) { return file_length; diff --git a/block/qcow2.c b/block/qcow2.c index 8b05933565..0bc69e6996 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1916,6 +1916,8 @@ static int coroutine_fn qcow2_co_block_status(BlockDr= iverState *bs, unsigned int bytes; int status =3D 0; =20 + qemu_co_mutex_lock(&s->lock); + if (!s->metadata_preallocation_checked) { ret =3D qcow2_detect_metadata_preallocation(bs); s->metadata_preallocation =3D (ret =3D=3D 1); @@ -1923,7 +1925,6 @@ static int coroutine_fn qcow2_co_block_status(BlockDr= iverState *bs, } =20 bytes =3D MIN(INT_MAX, count); - qemu_co_mutex_lock(&s->lock); ret =3D qcow2_get_cluster_offset(bs, offset, &bytes, &cluster_offset); qemu_co_mutex_unlock(&s->lock); if (ret < 0) { --=20 2.20.1
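
Review bot: the assertion in the block/qcow2-refcount.c hunk sits in qcow2_detect_metadata_preallocation(), while the commit message states the locking requirement for qcow2_get_refcount(). Asserting in qcow2_get_refcount() as well, provided all of its callers run in coroutine context, would catch any other path that reaches the refcount cache without s->lock, not only this one. A one-line comment above qcow2_detect_metadata_preallocation() saying it must be called with s->lock held would also make the contract visible without reading the body.
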
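
Review bot: the new qemu_co_mutex_lock(&s->lock) at the top of qcow2_co_block_status() carries no comment explaining why it sits above the `if (!s->metadata_preallocation_checked)` block instead of next to qcow2_get_cluster_offset(), where the removed line was. A short comment at the lock site (the detection reads refcount data and must do so under s->lock) would keep a later cleanup from moving it back down; note that the lock is now also held across bdrv_getlength(bs->file->bs) in the callee. Separately, `s->metadata_preallocation = (ret == 1)` folds a negative return, such as the `return file_length` error path, into "not preallocated"; this predates the patch, but it is worth confirming that discarding the error is intended.
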