qemu/tests
Hanna Reitz b1e1af394d block/stream: Drain subtree around graph change
When the stream block job cuts out the nodes between top and base in
stream_prepare(), it does not drain the subtree manually; it fetches the
base node, and tries to insert it as the top node's backing node with
bdrv_set_backing_hd().  bdrv_set_backing_hd() however will drain, and so
the actual base node might change (because the base node is actually not
part of the stream job) before the old base node passed to
bdrv_set_backing_hd() is installed.

This has two implications:

First, the stream job does not keep a strong reference to the base node.
Therefore, if it is deleted in bdrv_set_backing_hd()'s drain (e.g.
because some other block job is drained to finish), we will get a
use-after-free.  We should keep a strong reference to that node.

Second, even with such a strong reference, the problem remains that the
base node might change before bdrv_set_backing_hd() actually runs and as
a result the wrong base node is installed.

Both effects can be seen in 030's TestParallelOps.test_overlapping_5()
case, which has five nodes, and simultaneously streams from the middle
node to the top node, and commits the middle node down to the base node.
As it is, this will sometimes crash, namely when we encounter the
above-described use-after-free.

Taking a strong reference to the base node, we no longer get a crash,
but the resuling block graph is less than ideal: The expected result is
obviously that all middle nodes are cut out and the base node is the
immediate backing child of the top node.  However, if stream_prepare()
takes a strong reference to its base node (the middle node), and then
the commit job finishes in bdrv_set_backing_hd(), supposedly dropping
that middle node, the stream job will just reinstall it again.

Therefore, we need to keep the whole subtree drained in
stream_prepare(), so that the graph modification it performs is
effectively atomic, i.e. that the base node it fetches is still the base
node when bdrv_set_backing_hd() sets it as the top node's backing node.

Verify this by asserting in said 030's test case that the base node is
always the top node's immediate backing child when both jobs are done.

Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220324140907.17192-1-hreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Vladimir Sementsov-Ogievskiy <v.sementsov-og@mail.ru>
2022-03-29 16:30:55 +02:00
..
avocado tests/avocado: start PhoneServer upfront 2022-03-16 08:43:10 +01:00
bench osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
data tests/acpi: update expected data files 2022-03-15 09:31:44 +01:00
decode decodetree: Extend argument set syntax to allow types 2021-05-01 11:45:35 -07:00
docker tests/docker: introduce debian-riscv64-test-cross 2022-02-28 16:42:02 +00:00
fp tests/fp/berkeley-testfloat-3: Ignore ignored #pragma directives 2022-03-15 13:36:33 +01:00
guest-debug chardev: do not use short form boolean options in non-QemuOpts character device descriptions 2021-02-25 15:41:53 +01:00
image-fuzzer
include
keys
lcitool tests/docker: update debian-s390x-cross with lcitool 2022-02-28 16:42:02 +00:00
migration tests/migration: fix unix socket migration 2021-07-14 14:15:52 +01:00
multiboot
perf/block/qcow2
plugin tests/plugins: add instruction matching to libinsn.so 2022-02-09 12:08:42 +00:00
qapi-schema meson: drop sphinx_extn_depends 2021-11-08 12:27:23 +04:00
qemu-iotests block/stream: Drain subtree around graph change 2022-03-29 16:30:55 +02:00
qtest * Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611) 2022-03-22 20:45:30 +00:00
rocker
tcg target/arm: Fix sve2 ldnt1 and stnt1 2022-03-18 10:55:15 +00:00
tsan
uefi-test-tools
unit tests: remove needless include 2022-03-22 14:46:18 +04:00
vm tests/vm: Update haiku test vm to R1/Beta3 2022-03-07 19:00:05 +01:00
vmstate-static-checker-data hw: Replace anti-social QOM type names 2021-03-19 15:18:43 +01:00
check-block.sh tests/qemu-iotests: Rework the checks and spots using GNU sed 2022-03-04 18:18:26 +01:00
dbus-vmstate-daemon.sh
Makefile.include tests/Makefile.include: Let "make clean" remove the TCG tests, too 2022-03-23 10:25:22 +00:00
meson.build meson: use .allowed() method for features 2022-02-16 15:01:33 +01:00
requirements.txt acceptance tests: bump Avocado version to 88.1 2021-06-01 16:21:21 -04:00
test-qht-par.c
vhost-user-bridge.c tests/vhost-user-bridge.c: Fix typo in help message 2021-09-04 17:34:05 -04:00