07.08.2017 14:52, Eric Blake wrote:
On 08/04/2017 10:14 AM, Vladimir Sementsov-Ogievskiy wrote:
Set reply.handle to 0 on error path to prevent normal path of
nbd_co_receive_reply.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
---
block/nbd-client.c | 1 +
1 file changed, 1 insertion(+)
Can you document a case where not fixing this would be an observable bug
(even if it requires using gdb and single-stepping between client and
server to make what is otherwise a racy situation easy to see)? I'm
trying to figure out if this is 2.10 material.
It is simple enough:
run qemu-nbd in gdb, set a break on nbd_send_reply, and when it shoots,
next up to "stl_be_p(buf, NBD_REPLY_MAGIC);" and after it do "call
stl_be_p(buf, 1000)"
run qemu-io with some read in gdb, set a break on
br block/nbd-client.c:83
(it is the break; after the failed nbd_receive_reply call)
and on
br block/nbd-client.c:170
(it is in nbd_co_receive_reply after the yield)
On the first break we will be sure that nbd_receive_reply failed;
on the second we will be sure, by
(gdb) p s->reply
$1 = {handle = 93825000680144, error = 0}
(gdb) p request->handle
$2 = 93825000680144
that we are on the normal receiving path.
diff --git a/block/nbd-client.c b/block/nbd-client.c
index dc19894a7c..0c88d84de6 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -107,6 +107,7 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
qemu_coroutine_yield();
}
+ s->reply.handle = 0;
nbd_recv_coroutines_enter_all(s);
s->read_reply_co = NULL;
}
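Review bot: the reset `s->reply.handle = 0;` only guards the handle comparison in nbd_co_receive_reply if no outstanding request can ever carry handle 0, and the hunk neither states that invariant nor says why the reset is needed; add a one-line comment above it (e.g. "reply failed to parse: make sure its stale handle cannot match a pending request after the yield") and carry the gdb reproduction from this reply into the commit message, since "prevent normal path" alone does not document the race.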
--
Best regards,
Vladimir
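A constructed C model of the failure the thread reproduces, added here and not QEMU's code: it assumes nbd_receive_reply decodes the handle before rejecting a bad magic (which the gdb output above suggests), so that without the patch the requester's handle comparison after the yield matches a reply that failed to parse, and with it the comparison fails and the error path is taken.

```c
/* Constructed model of QEMU's NBD client reply path (not QEMU code). Assumes
 * nbd_receive_reply decodes the handle before rejecting a bad magic. */
#include <stdbool.h>
#include <stdint.h>
#define NBD_REPLY_MAGIC 0x67446698u /* NBD simple-reply magic */
typedef struct { uint64_t handle; uint32_t error; } NBDReply;
typedef struct { NBDReply reply; } NBDClientState;
static uint32_t ldl_be(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Decode a 16-byte simple reply (magic, error, handle; big-endian).
 * Returns 0 on success, -1 on bad magic; fields are filled either way. */
static int nbd_receive_reply(const uint8_t *buf, NBDReply *reply)
{
    uint32_t magic = ldl_be(buf);
    reply->error = ldl_be(buf + 4);
    reply->handle = (uint64_t)ldl_be(buf + 8) << 32 | ldl_be(buf + 12);
    return magic == NBD_REPLY_MAGIC ? 0 : -1;
}

/* Reader coroutine reduced to its failing pass; 'fixed' applies the patch:
 * clear the handle on the error path before waking the requesters. */
static void nbd_read_reply_entry(NBDClientState *s, const uint8_t *wire, bool fixed)
{
    if (nbd_receive_reply(wire, &s->reply) < 0 && fixed) {
        s->reply.handle = 0;
    }
}

/* Requester after yield: true means it takes the normal (data-reading) path. */
static bool nbd_co_receive_reply(const NBDClientState *s, uint64_t request_handle)
{
    return s->reply.handle == request_handle;
}

/* Scenario from the thread: the server's magic was overwritten with 1000 while a
 * request with handle h is pending. Returns whether the requester wrongly continues. */
bool stale_handle_takes_normal_path(bool fixed)
{
    const uint64_t h = 93825000680144ULL;                     /* from the gdb session */
    uint8_t wire[16] = {0x00, 0x00, 0x03, 0xe8, 0, 0, 0, 0};  /* magic = 1000, error = 0 */
    for (int i = 0; i < 8; i++) {
        wire[8 + i] = (uint8_t)(h >> (56 - 8 * i));
    }
    NBDClientState s = {{0, 0}};
    nbd_read_reply_entry(&s, wire, fixed);
    return nbd_co_receive_reply(&s, h);
}
```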