On 11.09.19 12:03, Max Reitz wrote:
> From: Sergio Lopez <s...@redhat.com>
>
> block_job_remove_all_bdrv() iterates through job->nodes, calling
> bdrv_root_unref_child() for each entry. The call to the latter may
> reach child_job_[can_]set_aio_ctx(), which will also attempt to
> traverse job->nodes, potentially finding entries that were freed
> on previous iterations.
>
> To avoid this situation, update job->nodes head on each iteration to
> ensure that already freed entries are no longer linked to the list.
>
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1746631
> Signed-off-by: Sergio Lopez <s...@redhat.com>
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Max Reitz <mre...@redhat.com>
> ---
> v3:
> - Rewrote the loop to make the whole function a bit simpler
>   (Also, remove the node from the job->nodes list before unref'ing it,
>   just to be extra-safe)
> ---
>  blockjob.c | 17 +++++++++++++----
>  1 file changed, 13 insertions(+), 4 deletions(-)
Thanks Sergio for tracking down the bug’s cause, the original patch, and the review; I’ve applied the patch to my block branch: https://git.xanclic.moe/XanClic/qemu/commits/branch/block

Max
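The re-entrancy hazard the commit message describes, as an added C model that is not QEMU code and not part of this thread: Node, Job, reentrant_walk() and unref_child() are hypothetical stand-ins for BdrvChild, job->nodes, child_job_set_aio_ctx() and bdrv_root_unref_child(), and remove_all_fixed() follows the v3 shape of unlinking each entry before unref'ing it.

```c
#include <stdlib.h>

/* Hypothetical model of a BdrvChild linked on job->nodes. */
typedef struct Node { struct Node *next; } Node;
typedef struct Job { Node *nodes; int walk_visits; } Job;

/* Models child_job_set_aio_ctx(): reached from inside unref, it walks
 * job->nodes again, so every linked node must still be live. */
static void reentrant_walk(Job *job)
{
    for (Node *n = job->nodes; n; n = n->next)
        job->walk_visits++;   /* dereferences n: a UAF if n was already freed */
}

/* Models bdrv_root_unref_child(): triggers the walk, then frees the child. */
static void unref_child(Job *job, Node *n)
{
    reentrant_walk(job);
    free(n);
}

/* The original loop walked job->nodes and unref'd each entry while it was
 * still linked, so the walk above revisited entries freed by earlier
 * iterations.  Fixed shape (patch v3): pop the head before unref'ing it, so
 * a traversal started from unref can only reach entries still alive. */
static int remove_all_fixed(Job *job)
{
    int removed = 0;
    while (job->nodes) {
        Node *n = job->nodes;
        job->nodes = n->next;   /* unlink n before anything can free it */
        unref_child(job, n);
        removed++;
    }
    return removed;
}

/* Builds a job with `count` linked children (constructed sample input). */
static Job *make_job(int count)
{
    Job *job = calloc(1, sizeof *job);
    for (int i = 0; i < count; i++) {
        Node *n = malloc(sizeof *n);
        n->next = job->nodes;
        job->nodes = n;
    }
    return job;
}
```

Running this under AddressSanitizer stays clean because the walker never reaches a freed entry; with four children the walks triggered by the four unrefs see 3, 2, 1 and 0 live nodes.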