block-nbd was refactored during release 6.2.0, but we didn't include all the needed patches within the 6.2.0 baseline, which leads to a VM crash during migration. The reasons are as below: when an iothread is configured, the coroutines should get back to the exact iothread that they came out of. But within the 6.2.0 baseline, patches were missing, so the NBD-related coroutine didn't have its related aio_context. It in fact got to the mainline aio_context, and the mistaken context leads to a VM crash.
From 8353d0d6a31042ba7c54696ef1ec59eb883d647f Mon Sep 17 00:00:00 2001
From: Zhang Bo <oscar.zhangbo@huawei.com>
Date: Mon, 29 Aug 2022 15:37:08 +0800
Subject: [PATCH 4/5] block/nbd: Assert there are no timers when closed

Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
they will access freed data when they fire.

This patch is separate from the patches that actually fix the issue
(HEAD^^ and HEAD^) so that you can run the associated regression iotest
(281) on a configuration that reproducibly exposes the bug.

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
---
 block/nbd.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/nbd.c b/block/nbd.c
index 5ff8a57314..dc6c3f3bbc 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -110,6 +110,10 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
+ /* Must not leave timers behind that would access freed data */
+ assert(!s->reconnect_delay_timer);
+ assert(!s->open_timer);
+
object_unref(OBJECT(s->tlscreds));
qapi_free_SocketAddress(s->saddr);
s->saddr = NULL;
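Review bot: The two new assert() calls are only safe if the patches that actually disarm the timers (HEAD^^ and HEAD^ per the commit message) are part of the same backport; on a baseline where those are missing, as the page description says 6.2.0 was, this hunk turns a latent use-after-free at timer fire into a deterministic abort every time nbd_clear_bdrvstate() runs, which would surface during the very migration path being fixed. Worth confirming in the series that patches 1-3 land before this one, and consider extending the comment `/* Must not leave timers behind that would access freed data */` to name the functions expected to have freed `reconnect_delay_timer` and `open_timer` before this point, so a future reader hitting the assertion knows where to look. Also note that `s` is used but its declaration is outside the visible context lines; the hunk assumes it is already the driver state for `bs` earlier in the function.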
--
2.27.0