From patchwork Thu Sep 2 11:42:47 2021
X-Patchwork-Submitter: Christian Schoenebeck
X-Patchwork-Id: 12471463
From: Christian Schoenebeck
Date: Thu, 02 Sep 2021 13:42:47 +0200
Subject: [PULL 1/3] hw/9pfs: avoid 'path' copy in v9fs_walk()
To: qemu-devel@nongnu.org, Peter Maydell
Cc: Greg Kurz

The v9fs_walk() function resolves all client submitted path nodes to the
local 'pathes' array. Using a separate string scalar variable 'path'
inside the background worker thread loop and copying that local 'path'
string scalar variable subsequently to the 'pathes' array (at the end of
each loop iteration) is not necessary.

Instead simply resolve each path directly to the 'pathes' array and
don't use the string scalar variable 'path' inside the fs worker thread
loop at all.

The only advantage of the 'path' scalar was that in case of an error
the respective 'pathes' element would not be filled. Right now this is
not an issue as the v9fs_walk() function returns as soon as any error
occurs.

Suggested-by: Greg Kurz
Signed-off-by: Christian Schoenebeck
Reviewed-by: Greg Kurz
Message-Id: <7dacbecf25b2c9b4a0ce12d689a8a535f09a31e3.1629208359.git.qemu_oss@crudebyte.com>
--- hw/9pfs/9p.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 2815257f42..4d642ab12a 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c
@@ -1787,7 +1787,8 @@ static void coroutine_fn v9fs_walk(void *opaque) strcmp("..", wnames[name_idx].data)) { err = s->ops->name_to_path(&s->ctx, &dpath, - wnames[name_idx].data, &path); + wnames[name_idx].data, + &pathes[name_idx]); if (err < 0) { err = -errno; break; 
@@ -1796,14 +1797,13 @@ static void coroutine_fn v9fs_walk(void *opaque) err = -EINTR; break; } - err = s->ops->lstat(&s->ctx, &path, &stbuf); + err = s->ops->lstat(&s->ctx, &pathes[name_idx], &stbuf); if (err < 0) { err = -errno; break; } stbufs[name_idx] = stbuf; - v9fs_path_copy(&dpath, &path); - v9fs_path_copy(&pathes[name_idx], &path); + v9fs_path_copy(&dpath, &pathes[name_idx]); } } });

From patchwork Thu Sep 2 11:42:47 2021
X-Patchwork-Submitter: Christian Schoenebeck
X-Patchwork-Id: 12471467
From: Christian Schoenebeck
Date: Thu, 02 Sep 2021 13:42:47 +0200
Subject: [PULL 2/3] hw/9pfs: use g_autofree in v9fs_walk() where possible
To: qemu-devel@nongnu.org, Peter Maydell
Cc: Greg Kurz

Suggested-by: Greg Kurz
Signed-off-by: Christian Schoenebeck
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Greg Kurz
Message-Id:
--- hw/9pfs/9p.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 4d642ab12a..c857b31321 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1703,11 +1703,12 @@ static bool same_stat_id(const struct stat *a, const struct stat *b) static void coroutine_fn v9fs_walk(void *opaque) { int name_idx; - V9fsQID *qids = NULL; + g_autofree V9fsQID *qids = NULL; int i, err = 0; V9fsPath dpath, path, *pathes = NULL; uint16_t nwnames; - struct stat stbuf, fidst, *stbufs = NULL; + struct stat stbuf, fidst; + g_autofree struct stat *stbufs = NULL; size_t offset = 7; int32_t fid, newfid; V9fsString *wnames = NULL;
@@ -1872,8 +1873,6 @@ out_nofid: v9fs_path_free(&pathes[name_idx]); } g_free(wnames); - g_free(qids); - g_free(stbufs); g_free(pathes); } }

From patchwork Thu Sep 2 11:42:47 2021
X-Patchwork-Submitter: Christian Schoenebeck
X-Patchwork-Id: 12471471
From: Christian Schoenebeck
Date: Thu, 02 Sep 2021 13:42:47 +0200
Subject: [PULL 3/3] 9pfs: fix crash in v9fs_walk()
To: qemu-devel@nongnu.org, Peter Maydell
Cc: Greg Kurz

v9fs_walk() utilizes the v9fs_co_run_in_worker({...}) macro to run the
supplied fs driver code block on a background worker thread.

When either the 'Twalk' client request was interrupted or if the client
requested fid for that 'Twalk' request caused a stat error then that
fs driver code block was left by 'break' keyword, with the intention to
return from worker thread back to main thread as well:

    v9fs_co_run_in_worker({
        if (v9fs_request_cancelled(pdu)) {
            err = -EINTR;
            break;
        }
        err = s->ops->lstat(&s->ctx, &dpath, &fidst);
        if (err < 0) {
            err = -errno;
            break;
        }
        ...
    });

However that 'break;' statement also skipped the v9fs_co_run_in_worker()
macro's final and mandatory

    /* re-enter back to qemu thread */
    qemu_coroutine_yield();

call and thus caused the rest of v9fs_walk() to be continued being
executed on the worker thread instead of main thread, eventually
leading to a crash in the transport virtio transport driver.

To fix this issue and to prevent the same error from happening again by
other users of v9fs_co_run_in_worker() in future, auto wrap the supplied
code block into its own

    do { } while (0);

loop inside the 'v9fs_co_run_in_worker' macro definition.

Full discussion and backtrace:
https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg05209.html
https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg00174.html

Fixes: 8d6cb100731c4d28535adbf2a3c2d1f29be3fef4
Signed-off-by: Christian Schoenebeck
Cc: qemu-stable@nongnu.org
Reviewed-by: Greg Kurz
Message-Id:
--- hw/9pfs/coth.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h index c51289903d..f83c7dda7b 100644 --- a/hw/9pfs/coth.h +++ b/hw/9pfs/coth.h @@ -51,7 +51,9 @@ */ \ qemu_coroutine_yield(); \ qemu_bh_delete(co_bh); \ - code_block; \ + do { \ + code_block; \ + } while (0); \ /* re-enter back to qemu thread */ \ qemu_coroutine_yield(); \ } while (0)
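
Review bot: In [PULL 1/3], hunk @@ -1787,7 +1787,8 @@ of hw/9pfs/9p.c, name_to_path() now writes straight into pathes[name_idx], so on the err < 0 path that element may be left filled, and nothing at the call site records that this is safe only because v9fs_walk() bails out on the first error. The commit message states the assumption; a short comment above the call would keep it visible when the error handling changes, and it is worth confirming that the v9fs_path_free(&pathes[name_idx]) loop under out_nofid also covers an element filled by a failed iteration.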
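
Review bot: [PULL 2/3] has no commit message body, and after hunk @@ -1703,11 +1703,12 @@ v9fs_walk() mixes two cleanup styles: qids and stbufs become g_autofree while wnames and pathes are still released with g_free() under out_nofid (hunk @@ -1872,8 +1873,6 @@). One sentence in the message saying why those two are left out would explain the "where possible" in the subject; for pathes the visible reason is that each element needs v9fs_path_free() before the array itself is freed.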
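
Review bot: In [PULL 3/3], hunk @@ -51,7 +51,9 @@ of hw/9pfs/coth.h, the inner do { code_block; } while (0); contains 'break' (and 'continue'), but a 'return' or 'goto' out of code_block would still bypass the final qemu_coroutine_yield(). A comment on the macro should state that code_block may only leave by falling through or by 'break', so the constraint is documented where future callers of v9fs_co_run_in_worker() will read it.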
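
The control-flow problem described in the [PULL 3/3] commit message, reduced to a stand-alone C model (an added example, not QEMU code). The thread hop is replaced by a flag, and the macro names, struct walk_result and the lstat_fails parameter are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model: the thread hop is a flag, not a real coroutine yield. */
enum where { MAIN_THREAD, WORKER_THREAD };

struct walk_result {
    int err;            /* error set inside the code block */
    enum where resumed; /* context the code after the macro runs in */
};

/* Shape before the fix: 'break' in code_block leaves the OUTER loop. */
#define RUN_IN_WORKER_OLD(ctx, code_block)                 \
    do {                                                   \
        (ctx) = WORKER_THREAD; /* hop to worker */         \
        code_block;                                        \
        (ctx) = MAIN_THREAD;   /* mandatory hop back */    \
    } while (0)

/* Shape after the fix: 'break' only leaves the INNER loop. */
#define RUN_IN_WORKER_FIXED(ctx, code_block)               \
    do {                                                   \
        (ctx) = WORKER_THREAD;                             \
        do {                                               \
            code_block;                                    \
        } while (0);                                       \
        (ctx) = MAIN_THREAD;                               \
    } while (0)

/* Hypothetical caller: reports where the code after the macro would run. */
static struct walk_result walk(int use_fixed, int lstat_fails)
{
    struct walk_result r = { 0, MAIN_THREAD };
    if (use_fixed) {
        RUN_IN_WORKER_FIXED(r.resumed, {
            if (lstat_fails) { r.err = -EIO; break; }
        });
    } else {
        RUN_IN_WORKER_OLD(r.resumed, {
            if (lstat_fails) { r.err = -EIO; break; }
        });
    }
    return r;
}

int main(void)
{
    printf("old macro resumes on worker: %d\n", walk(0, 1).resumed == WORKER_THREAD);
    printf("fixed macro resumes on worker: %d\n", walk(1, 1).resumed == WORKER_THREAD);
    return 0;
}
```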