From: Christian Schoenebeck
Date: Wed, 1 Sep 2021 18:15:10 +0200
Subject: [PATCH] 9pfs: fix crash in v9fs_walk()
To: qemu-devel@nongnu.org
Cc: Greg Kurz, qemu-stable@nongnu.org

v9fs_walk() utilizes the v9fs_co_run_in_worker({...}) macro to run the
supplied fs driver code block on a background worker thread.

When either the 'Twalk' client request was interrupted or if the client
requested fid for that 'Twalk' request caused a stat error then that fs
driver code block was left by 'break' keyword, with the intention to
return from worker thread back to main thread as well:

    v9fs_co_run_in_worker({
        if (v9fs_request_cancelled(pdu)) {
            err = -EINTR;
            break;
        }
        err = s->ops->lstat(&s->ctx, &dpath, &fidst);
        if (err < 0) {
            err = -errno;
            break;
        }
        ...
    });

However that 'break;' statement also skipped the v9fs_co_run_in_worker()
macro's final and mandatory

    /* re-enter back to qemu thread */
    qemu_coroutine_yield();

call and thus caused the rest of v9fs_walk() to be continued being
executed on the worker thread instead of main thread, eventually leading
to a crash in the virtio transport driver.

To fix this issue and to prevent the same error from happening again by
other users of v9fs_co_run_in_worker() in future, auto wrap the supplied
code block into its own do { } while (0); loop inside the
'v9fs_co_run_in_worker' macro definition.

Full discussion and backtrace:
https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg05209.html
https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg00174.html

Fixes: 8d6cb100731c4d28535adbf2a3c2d1f29be3fef4
Signed-off-by: Christian Schoenebeck
Cc: qemu-stable@nongnu.org
Reviewed-by: Greg Kurz
---
 hw/9pfs/coth.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h index c51289903d..f83c7dda7b 100644 --- a/hw/9pfs/coth.h +++ b/hw/9pfs/coth.h @@ -51,7 +51,9 @@ */ \ qemu_coroutine_yield(); \ qemu_bh_delete(co_bh); \ - code_block; \ + do { \ + code_block; \ + } while (0); \ /* re-enter back to qemu thread */ \ qemu_coroutine_yield(); \ } while (0)

-- 
2.20.1
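Review bot: the inner "do { code_block; } while (0);" in this hunk is the entire fix, yet nothing in the surrounding macro lines says why the extra loop is there; add a one-line comment above it (for example "/* own loop so a 'break' in code_block cannot skip the yield below */") so a later cleanup does not fold it back into the outer do/while as redundant. Worth stating in that comment as well: the wrapper only redirects 'break' and 'continue' to the trailing "/* re-enter back to qemu thread */ qemu_coroutine_yield();" line; a 'return' inside code_block would still leave the macro on the worker thread, so callers must still not return from the block.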
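The break-skips-the-tail mechanics described in the commit message, as an added example that is not QEMU code: two stand-in macros with hypothetical names, RUN_BLOCK_THEN_FINISH_OLD and RUN_BLOCK_THEN_FINISH_NEW, model the shape of v9fs_co_run_in_worker() before and after this patch, with a flag assignment standing in for the mandatory qemu_coroutine_yield(). walk_old() and walk_new() are constructed callers modelled on the v9fs_walk() snippet above; their 'cancelled' argument simulates v9fs_request_cancelled(pdu).

```c
#include <stdio.h>

/* Bits packed into the return value of the walk_* helpers below. */
#define FINISH_RAN 2   /* the macro's mandatory trailing step executed */
#define ERR_SET    1   /* the block recorded an error before leaving   */

/* Shape before the patch (hypothetical stand-in, not the QEMU macro): the
 * caller's block sits directly inside the macro's outer do/while(0), so a
 * 'break' inside the block terminates that outer loop and the trailing
 * step never runs. */
#define RUN_BLOCK_THEN_FINISH_OLD(finished, code_block)                  \
    do {                                                                 \
        code_block;                                                      \
        (finished) = 1; /* stands in for qemu_coroutine_yield() */       \
    } while (0)

/* Shape after the patch: the block gets its own do/while(0), so a 'break'
 * (or 'continue') only leaves that inner loop and execution always falls
 * through to the trailing step. */
#define RUN_BLOCK_THEN_FINISH_NEW(finished, code_block)                  \
    do {                                                                 \
        do {                                                             \
            code_block;                                                  \
        } while (0);                                                     \
        (finished) = 1; /* stands in for qemu_coroutine_yield() */       \
    } while (0)

/* Constructed caller using the old macro shape. 'cancelled' simulates
 * v9fs_request_cancelled(pdu). Returns FINISH_RAN | ERR_SET bits. */
int walk_old(int cancelled)
{
    int finished = 0, err = 0;
    RUN_BLOCK_THEN_FINISH_OLD(finished, {
        if (cancelled) {
            err = -1;
            break;      /* intended to leave the block only */
        }
        err = 0;        /* the "real work" succeeded */
    });
    return (finished ? FINISH_RAN : 0) | (err < 0 ? ERR_SET : 0);
}

/* Same caller, same block, using the fixed macro shape. */
int walk_new(int cancelled)
{
    int finished = 0, err = 0;
    RUN_BLOCK_THEN_FINISH_NEW(finished, {
        if (cancelled) {
            err = -1;
            break;      /* now exits only the inner do/while(0) */
        }
        err = 0;
    });
    return (finished ? FINISH_RAN : 0) | (err < 0 ? ERR_SET : 0);
}

int main(void)
{
    /* Old shape: the cancelled path (ERR_SET only) lost the trailing step. */
    printf("old: cancelled -> %d, normal -> %d\n", walk_old(1), walk_old(0));
    /* New shape: the trailing step runs on both paths. */
    printf("new: cancelled -> %d, normal -> %d\n", walk_new(1), walk_new(0));
    return 0;
}
```

The cancelled path through walk_old() returns ERR_SET alone, which is the analogue of v9fs_walk() continuing on the worker thread; walk_new() returns FINISH_RAN | ERR_SET for the same block. The wrapper protects only against 'break' and 'continue': a 'return' written inside the block would still bypass the trailing step in both shapes.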