From: Roman Kagan
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Vladimir Sementsov-Ogievskiy, qemu-block@nongnu.org, Max Reitz, yc-core@yandex-team.ru
Subject: [PATCH 1/7] block/nbd: avoid touching freed connect_thread
Date: Mon, 15 Mar 2021 09:06:05 +0300
Message-Id: <20210315060611.2989049-2-rvkagan@yandex-team.ru>
In-Reply-To: <20210315060611.2989049-1-rvkagan@yandex-team.ru>
References: <20210315060611.2989049-1-rvkagan@yandex-team.ru>

When the NBD connection is being torn down, the connection thread gets canceled and "detached", meaning it is about to get freed.

If this happens while the connection coroutine yielded waiting for the connection thread to complete, when it resumes it may access the invalidated connection thread data.

To prevent this, revalidate the ->connect_thread pointer in nbd_co_establish_connection_cancel before using it after the yield.
Signed-off-by: Roman Kagan Reviewed-by: Vladimir Sementsov-Ogievskiy --- block/nbd.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/block/nbd.c b/block/nbd.c index c26dc5a54f..447d176b76 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -486,6 +486,15 @@ nbd_co_establish_connection(BlockDriverState *bs, Erro= r **errp) s->wait_connect =3D true; qemu_coroutine_yield(); =20 + /* + * If nbd_co_establish_connection_cancel had a chance to run it may ha= ve + * invalidated ->connect_thread. + */ + thr =3D s->connect_thread; + if (!thr) { + return -ECONNABORTED; + } + qemu_mutex_lock(&thr->mutex); =20 switch (thr->state) { --=20 2.30.2
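Review bot: the new early return after qemu_coroutine_yield() in nbd_co_establish_connection, `if (!thr) { return -ECONNABORTED; }`, leaves *errp unset even though the function takes `Error **errp`, so a caller that reports or propagates the error object on a negative return has nothing to show. Consider calling error_setg(errp, ...) with a short "connection attempt cancelled" message before returning. Two smaller points: s->connect_thread is re-read before qemu_mutex_lock(&thr->mutex), so the NULL check is only safe if the cancel path cannot run between the read and the lock; the added comment would be more useful if it said what guarantees that. The commit message also names nbd_co_establish_connection_cancel as the place where the pointer is revalidated, while the hunk header shows the change is in nbd_co_establish_connection.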