e74c0f316d
CVE-2017-7539: qemu-nbd crashes due to undefined I/O coroutine CVE-2017-11434: slirp: out-of-bounds read while parsing dhcp options CVE-2017-11334: exec: oob access during dma operation CVE-2017-10806: usb-redirect: stack buffer overflow in debug logging CVE-2017-10664: qemu-nbd: server breaks with SIGPIPE upon client abort CVE-2017-9524: nbd: segmentation fault due to client non-negotiation CVE-2017-9503: scsi: null pointer dereference while processing megasas command
From e340d6c3321d3eb4e6f7854550cfdc94aa1c8143 Mon Sep 17 00:00:00 2001
From: Anton Nefedov <anton.nefedov@virtuozzo.com>
Date: Wed, 26 Apr 2017 11:33:15 +0300
Subject: [PATCH 02/23] qemu-img: wait for convert coroutines to complete
On error path (like i/o error in one of the coroutines), it's required to
- wait for coroutines completion before cleaning the common structures
- reenter dependent coroutines so that they eventually finish
Introduced in 2d9187bc65.
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
qemu-img.c | 26 +++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index b9d1ef7bb8..59f4f7f22a 100644
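--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1761,13 +1761,13 @@ static void coroutine_fn convert_co_do_copy(void *opaque)
 qemu_co_mutex_lock(&s->lock);
 if (s->ret != -EINPROGRESS || s->sector_num >= s->total_sectors) {
 qemu_co_mutex_unlock(&s->lock);
- goto out;
+ break;
 }
 n = convert_iteration_sectors(s, s->sector_num);
 if (n < 0) {
 qemu_co_mutex_unlock(&s->lock);
 s->ret = n;
- goto out;
+ break;
 }
 /* save current sector and allocation status to local variables */
 sector_num = s->sector_num;
@@ -1792,7 +1792,6 @@ static void coroutine_fn convert_co_do_copy(void *opaque)
 error_report("error while reading sector %" PRId64
 ": %s", sector_num, strerror(-ret));
 s->ret = ret;
- goto out;
 }
 } else if (!s->min_sparse && status == BLK_ZERO) {
 status = BLK_DATA;
@@ -1801,22 +1800,20 @@ static void coroutine_fn convert_co_do_copy(void *opaque)
 
 if (s->wr_in_order) {
 /* keep writes in order */
- while (s->wr_offs != sector_num) {
- if (s->ret != -EINPROGRESS) {
- goto out;
- }
+ while (s->wr_offs != sector_num && s->ret == -EINPROGRESS) {
 s->wait_sector_num[index] = sector_num;
 qemu_coroutine_yield();
 }
 s->wait_sector_num[index] = -1;
 }
 
- ret = convert_co_write(s, sector_num, n, buf, status);
- if (ret < 0) {
- error_report("error while writing sector %" PRId64
- ": %s", sector_num, strerror(-ret));
- s->ret = ret;
- goto out;
+ if (s->ret == -EINPROGRESS) {
+ ret = convert_co_write(s, sector_num, n, buf, status);
+ if (ret < 0) {
+ error_report("error while writing sector %" PRId64
+ ": %s", sector_num, strerror(-ret));
+ s->ret = ret;
+ }
 }
 
 if (s->wr_in_order) {
@@ -1837,7 +1834,6 @@ static void coroutine_fn convert_co_do_copy(void *opaque)
 }
 }
 
-out:
 qemu_vfree(buf);
 s->co[index] = NULL;
 s->running_coroutines--;
@@ -1899,7 +1895,7 @@ static int convert_do_copy(ImgConvertState *s)
 qemu_coroutine_enter(s->co[i]);
 }
 
- while (s->ret == -EINPROGRESS) {
+ while (s->running_coroutines) {
 main_loop_wait(false);
 }
 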
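Review bot: The new `while (s->running_coroutines)` loop in convert_do_copy enforces a lifetime rule that the code never states: per the commit message, the common structures must not be cleaned up while any coroutine can still touch `s`. A comment above the loop such as `/* wait for every coroutine to exit; they still dereference s after an error, so cleanup must not start earlier */` would keep a later edit from restoring the `s->ret` condition and reopening that window. The loop terminates only if every coroutine reaches `s->running_coroutines--`, and one parked in `qemu_coroutine_yield()` inside the ordered-write wait loop leaves only when re-entered. That re-entry code follows the second `if (s->wr_in_order)`, outside the hunks shown, so it should be checked for the error case, since a missed wake-up would now hang instead of returning. Separately, `s->ret = ret;` on the read-error path stays unconditional, so with failing coroutines now running to completion a later read error can presumably overwrite the first one returned to the caller; a guard like the `if (s->ret == -EINPROGRESS)` added around the write would preserve it.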
--
2.11.0