git.ipfire.org Git - thirdparty/qemu.git/commit

author	Kevin Wolf <kwolf@redhat.com>
	Thu, 14 Mar 2024 16:58:24 +0000 (17:58 +0100)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Tue, 19 Mar 2024 16:45:55 +0000 (19:45 +0300)
commit	a69a002dcd6059e5da222695e94223fe65fbca70
tree	cacea48554e99c50dc019776413120531912e7e1	tree
parent	13fc21ae3de6ad626cf920cc520c7db9157e4671	commit \| diff

nbd/server: Fix race in draining the export

When draining an NBD export, nbd_drained_begin() first sets
client->quiescing so that nbd_client_receive_next_request() won't start
any new request coroutines. Then nbd_drained_poll() tries to makes sure
that we wait for any existing request coroutines by checking that
client->nb_requests has become 0.

However, there is a small window between creating a new request
coroutine and increasing client->nb_requests. If a coroutine is in this
state, it won't be waited for and drain returns too early.

In the context of switching to a different AioContext, this means that
blk_aio_attached() will see client->recv_coroutine != NULL and fail its
assertion.

Fix this by increasing client->nb_requests immediately when starting the
coroutine. Doing this after the checks if we should create a new
coroutine is okay because client->lock is held.

Cc: qemu-stable@nongnu.org
Fixes: fd6afc501a01 ("nbd/server: Use drained block ops to quiesce the server")
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20240314165825.40261-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9c707525cbb1dd1e56876e45c70c0c08f2876d41)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>