On Thu, Apr 08, 2021 at 05:08:18PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> The structure is shared between the NBD BDS and the connection thread, and
> it is possible that the connect thread will finish after the bs has been
> closed and released. To handle this we have the concept of the
> CONNECT_THREAD_RUNNING_DETACHED state: when the thread is running and the
> BDS is going to be closed, we don't free the structure, but instead move
> it to the CONNECT_THREAD_RUNNING_DETACHED state, so that the thread will
> free it.
>
> Still, a more native way to solve the problem is to use a reference
> counter for the shared structure. Let's use it. It makes the code smaller
> and more readable.
>
> The new approach also makes the checks in nbd_co_establish_connection()
> redundant: now we are sure that s->connect_thread is valid during the
> whole life of the NBD BDS.
>
> This also fixes a possible use-after-free of s->connect_thread if
> nbd_co_establish_connection_cancel() clears it during
> nbd_co_establish_connection(), and nbd_co_establish_connection() uses a
> local copy of s->connect_thread after the yield point.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
> ---
>  block/nbd.c | 62 +++++++++++++++++------------------------------------
>  1 file changed, 20 insertions(+), 42 deletions(-)
Reviewed-by: Roman Kagan <rvka...@yandex-team.ru>
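The lifetime scheme the commit message argues for, as an added example in plain C that is neither the patch's code nor QEMU's: a structure shared between an owner (standing in for the NBD BDS) and a worker (standing in for the connect thread), where every concurrent user holds its own reference and whoever drops the last one frees. The type and function names (ConnectState, Owner, Worker, establish_connection, g_frees) and the result values are assumptions for illustration, and the coroutine yield is simulated by running the cancel and the worker completion inline between the ref and the use.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not QEMU code. ConnectState stands in for the structure
 * shared between the BDS and the connect thread; all names are assumptions. */
typedef struct ConnectState {
    atomic_int refcnt;      /* one reference per concurrent user */
    bool done;              /* set by the worker when it finishes */
    int result;             /* the worker's outcome (constructed value) */
} ConnectState;

static int g_frees;         /* how many times the structure was freed */

static ConnectState *connect_state_new(void)
{
    ConnectState *cs = calloc(1, sizeof(*cs));
    if (!cs) {
        abort();
    }
    atomic_init(&cs->refcnt, 1);    /* the creator's reference */
    return cs;
}

static ConnectState *connect_state_ref(ConnectState *cs)
{
    atomic_fetch_add_explicit(&cs->refcnt, 1, memory_order_relaxed);
    return cs;
}

/* Whoever drops the last reference frees; no DETACHED state is needed. */
static void connect_state_unref(ConnectState *cs)
{
    if (atomic_fetch_sub_explicit(&cs->refcnt, 1, memory_order_acq_rel) == 1) {
        g_frees++;
        free(cs);
    }
}

typedef struct Owner { ConnectState *cs; } Owner;    /* the "BDS" */
typedef struct Worker { ConnectState *cs; } Worker;  /* the "connect thread" */

/* Open: the worker takes its own reference before it could ever run. */
static void owner_open(Owner *o, Worker *w)
{
    o->cs = connect_state_new();
    w->cs = connect_state_ref(o->cs);
}

/* Close: drop the owner's reference whether or not the worker is done. */
static void owner_close(Owner *o)
{
    connect_state_unref(o->cs);
    o->cs = NULL;
}

/* Worker completion: publish the result, then drop the worker's reference. */
static void worker_finish(Worker *w, int result)
{
    w->cs->result = result;
    w->cs->done = true;
    connect_state_unref(w->cs);
    w->cs = NULL;
}

/* Scenario 1: the worker finishes first, the owner closes afterwards. */
static int scenario_worker_first(void)
{
    Owner o; Worker w;
    g_frees = 0;
    owner_open(&o, &w);
    worker_finish(&w, 1);
    owner_close(&o);
    return g_frees;                 /* freed exactly once, by the owner */
}

/* Scenario 2: the owner closes while the worker is still running. The
 * structure survives the close and is freed by the worker's last unref. */
static int scenario_close_first(void)
{
    Owner o; Worker w;
    g_frees = 0;
    owner_open(&o, &w);
    owner_close(&o);
    int frees_after_close = g_frees;    /* still 0: the worker holds a ref */
    worker_finish(&w, 2);
    return frees_after_close == 0 ? g_frees : -1;
}

/* Scenario 3: a coroutine-style caller that uses the structure across a
 * yield. It pins its own reference, so a cancel that closes the owner and a
 * worker that finishes during the yield cannot free it underneath. */
static int establish_connection(Owner *o, Worker *w)
{
    ConnectState *local = connect_state_ref(o->cs);
    /* simulated yield: cancel and worker completion both happen here */
    owner_close(o);
    worker_finish(w, 42);
    /* resumed: 'local' is still valid because this function holds a ref */
    int r = local->done ? local->result : -1;
    connect_state_unref(local);     /* last reference: frees here */
    return r;
}

static int scenario_use_across_yield(void)
{
    Owner o; Worker w;
    g_frees = 0;
    owner_open(&o, &w);
    int r = establish_connection(&o, &w);
    return g_frees == 1 ? r : -1;
}

int main(void)
{
    printf("worker first:  frees=%d\n", scenario_worker_first());
    printf("close first:   frees=%d\n", scenario_close_first());
    printf("across yield:  result=%d\n", scenario_use_across_yield());
    return 0;
}
```

The point of scenario 3 is the one the commit message makes about the local copy after the yield point: a raw pointer copied before a yield is only safe if something guarantees the object outlives the yield, and a reference held by the caller itself is that guarantee, independent of whatever the cancel path does to the owner's pointer.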