git.proxmox.com Git - mirror_qemu.git/commit
curl: avoid recursive locking of BDRVCURLState mutex
author Paolo Bonzini <pbonzini@redhat.com>
Mon, 15 May 2017 10:00:55 +0000 (12:00 +0200)
committer Michael Roth <mdroth@linux.vnet.ibm.com>
Thu, 3 Aug 2017 19:32:58 +0000 (14:32 -0500)
commit c79bef68c46cfb04d856516dcc5f828842f2907b
tree af6b7e15ba73e3b4ce040ffd1729184fb1c68602
parent 4b519b9fd7c5e3d0107243ff776c0b5086ff2f4f

The curl driver has an ugly hack where, if it cannot find an empty CURLState,
it just uses aio_poll to wait for one to be empty.  This is probably
buggy when used together with dataplane, and the simplest way to fix it
is to use coroutines instead.

A more immediate effect of the bug however is that it can cause a
recursive call to curl_readv_bh_cb and recursively taking the
BDRVCURLState mutex.  This causes a deadlock.

The fix is to unlock the mutex around aio_poll, but for cleanliness we
should also take the mutex around all calls to curl_init_state, even if
reaching the unlock/lock pair is impossible.  The same is true for
curl_clean_state.

Reported-by: Kun Wei <kuwei@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20170515100059.15795-4-pbonzini@redhat.com
Cc: qemu-stable@nongnu.org
Cc: Jeff Cody <jcody@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
(cherry picked from commit 456af346297ebef86aa097b3609534d34f3d2f75)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
block/curl.c
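
The locking pattern the commit message describes, as an added single-threaded model that is not QEMU code and not part of the commit. All names (`struct drv`, `poll_once`, `init_state`, `bh_cb`, `run_scenario`) are hypothetical stand-ins, and a POSIX error-checking mutex is assumed so that the recursive lock attempt returns `EDEADLK` instead of hanging.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical model, not QEMU code: drv ~ BDRVCURLState, in_use[] ~ the CURLState pool. */
struct drv {
    pthread_mutex_t mutex;
    bool in_use[2], pending_bh;  /* state pool; a second request's bottom half is queued */
    bool unlock_around_poll;     /* false = before the fix, true = after */
    int nested_err;              /* result of the nested lock attempt */
};
static int bh_cb(struct drv *d);
/* Models aio_poll(): completes one transfer and runs any queued bottom half. */
static void poll_once(struct drv *d) {
    d->in_use[0] = false;
    if (d->pending_bh) { d->pending_bh = false; d->nested_err = bh_cb(d); }
}
/* Models curl_init_state(): caller holds the mutex; polls when the pool is full. */
static int init_state(struct drv *d) {
    for (;;) {
        for (int i = 0; i < 2; i++)
            if (!d->in_use[i]) { d->in_use[i] = true; return i; }
        if (d->unlock_around_poll) pthread_mutex_unlock(&d->mutex);
        poll_once(d);
        if (d->unlock_around_poll) pthread_mutex_lock(&d->mutex);
    }
}
/* Models curl_readv_bh_cb(): takes the mutex, then asks for a state. */
static int bh_cb(struct drv *d) {
    int err = pthread_mutex_lock(&d->mutex);
    if (err) return err;  /* EDEADLK here; a default mutex would hang instead */
    d->in_use[init_state(d)] = false;  /* use the state, then release it */
    pthread_mutex_unlock(&d->mutex);
    return 0;
}
int run_scenario(bool fixed) {  /* 0, or the errno of a recursive lock attempt */
    struct drv d = { .in_use = { true, true }, .pending_bh = true, .unlock_around_poll = fixed };
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&d.mutex, &attr);
    pthread_mutexattr_destroy(&attr);
    int outer = bh_cb(&d);
    pthread_mutex_destroy(&d.mutex);
    return outer ? outer : d.nested_err;
}
int main(void) {
    return printf("before fix: %d, after fix: %d\n", run_scenario(false), run_scenario(true)) < 0;
}
```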