@@ -1289,6 +1289,7 @@ blk_co_do_preadv_part(BlockBackend *blk, int64_t offset, int64_t bytes,
IO_CODE();
blk_wait_while_drained(blk);
+ GRAPH_RDLOCK_GUARD();
/* Call blk_bs() only after waiting, the graph may have changed */
bs = blk_bs(blk);
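Review bot: The placement of `GRAPH_RDLOCK_GUARD();` between `blk_wait_while_drained(blk)` and `bs = blk_bs(blk)` is load-bearing but undocumented. The lookup of `bs` has to happen with the rdlock already held, and the lock apparently must not be taken before the drain wait. I would fold that into the existing comment, e.g. `/* Take the graph rdlock and call blk_bs() only after waiting, the graph may have changed */`, so a later reorder does not move the lookup outside the lock and leave `bs` exposed to a concurrent graph change. The function body continues outside the hunk, so how long the guard stays held cannot be checked from here.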
@@ -942,6 +942,7 @@ static int coroutine_fn bdrv_driver_preadv(BlockDriverState *bs,
unsigned int nb_sectors;
QEMUIOVector local_qiov;
int ret;
+ assert_bdrv_graph_readable();
bdrv_check_qiov_request(offset, bytes, qiov, qiov_offset, &error_abort);
assert(!(flags & ~bs->supported_read_flags));
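Review bot: `assert_bdrv_graph_readable()` makes the graph rdlock a hard precondition of `bdrv_driver_preadv()`, and the same assertion is added to `bdrv_co_pread()` in the block_int-io.h hunk, yet neither function gets the `/* Called with graph rdlock held. */` annotation that this commit adds to the BlockDriver callbacks. A coroutine entry point that reaches either function without the lock would presumably abort at runtime rather than fail at build time. Only `mirror_co_read()` and the drain test are converted in this diff, so the remaining callers need to be audited. I would add the same one-line comment above both definitions; their signatures and the rest of their bodies lie outside the hunks shown.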
@@ -389,8 +389,10 @@ static void coroutine_fn mirror_co_read(void *opaque)
op->is_in_flight = true;
trace_mirror_one_iteration(s, op->offset, op->bytes);
- ret = bdrv_co_preadv(s->mirror_top_bs->backing, op->offset, op->bytes,
- &op->qiov, 0);
+ WITH_GRAPH_RDLOCK_GUARD() {
+ ret = bdrv_co_preadv(s->mirror_top_bs->backing, op->offset, op->bytes,
+ &op->qiov, 0);
+ }
mirror_read_complete(op, ret);
}
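Review bot: `ret` is now assigned only inside the `WITH_GRAPH_RDLOCK_GUARD()` block and then read after it in `mirror_read_complete(op, ret)`. If the guard macro expands to a loop construct, the compiler cannot prove the body executed and may flag `ret` as possibly uninitialized. The declaration of `ret` is outside the hunk, so this needs checking there; giving it an error-value initializer at the declaration would keep the completion path from ever seeing an indeterminate value. The placement itself looks right, since `s->mirror_top_bs->backing` is dereferenced inside the guarded block.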
@@ -476,6 +476,7 @@ struct BlockDriver {
Error **errp);
/* aio */
+ /* Called with graph rdlock held. */
BlockAIOCB *(*bdrv_aio_preadv)(BlockDriverState *bs,
int64_t offset, int64_t bytes, QEMUIOVector *qiov,
BdrvRequestFlags flags, BlockCompletionFunc *cb, void *opaque);
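Review bot: The comment added above `bdrv_aio_preadv` says the callback is called with the graph rdlock held, but this is the asynchronous entry point and the comment is silent on whether the lock is still held when `cb` is invoked. A driver author reading only this header could assume either, and touching graph state from a completion path without the lock is the class of bug these annotations are meant to prevent. I would extend the comment with one sentence stating the lock state at completion time, once that is confirmed against the caller in block/io.c. The two later hunks in this header annotate coroutine callbacks, where the question does not arise.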
@@ -489,6 +490,7 @@ struct BlockDriver {
int64_t offset, int bytes,
BlockCompletionFunc *cb, void *opaque);
+ /* Called with graph rdlock held. */
int coroutine_fn (*bdrv_co_readv)(BlockDriverState *bs,
int64_t sector_num, int nb_sectors, QEMUIOVector *qiov);
@@ -506,11 +508,14 @@ struct BlockDriver {
* no larger than 'max_transfer'.
*
* The buffer in @qiov may point directly to guest memory.
+ *
+ * Called with graph rdlock held.
*/
int coroutine_fn (*bdrv_co_preadv)(BlockDriverState *bs,
int64_t offset, int64_t bytes, QEMUIOVector *qiov,
BdrvRequestFlags flags);
+ /* Called with graph rdlock held. */
int coroutine_fn (*bdrv_co_preadv_part)(BlockDriverState *bs,
int64_t offset, int64_t bytes,
QEMUIOVector *qiov, size_t qiov_offset,
@@ -60,6 +60,7 @@ static inline int coroutine_fn bdrv_co_pread(BdrvChild *child,
{
QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, buf, bytes);
IO_CODE();
+ assert_bdrv_graph_readable();
return bdrv_co_preadv(child, offset, bytes, &qiov, flags);
}
@@ -967,6 +967,8 @@ static void coroutine_fn test_co_delete_by_drain(void *opaque)
void *buffer = g_malloc(65536);
QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, buffer, 65536);
+ GRAPH_RDLOCK_GUARD();
+
/* Pretend some internal write operation from parent to child.
* Important: We have to read from the child, not from the parent!
* Draining works by first propagating it all up the tree to the
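Review bot: `GRAPH_RDLOCK_GUARD();` holds the rdlock until `test_co_delete_by_drain()` returns, whereas the `mirror_co_read()` hunk scopes the lock to the read alone. The function name and the comment suggest the node is deleted or detached later in this coroutine. If that later code has to modify the graph, doing so while still holding the read lock risks a self-deadlock or a failed assertion. I would wrap only the read from the child in `WITH_GRAPH_RDLOCK_GUARD() { ... }`, as mirror.c does. The read call and the rest of the function are outside the hunk, so this needs confirming against the full body.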
This function, in addition to being called by a generated_co_wrapper, is also called elsewhere. The strategy is to always take the lock at the function called when the coroutine is created, to avoid recursive locking. By protecting bdrv_co_pread, we also automatically protect the following other generated_co_wrappers: blk_co_pread, blk_co_preadv, blk_co_preadv_part. Protecting bdrv_driver_preadv() implies that the following BlockDriver callbacks are always called with graph rdlock taken: - bdrv_co_preadv_part - bdrv_co_preadv - bdrv_aio_preadv - bdrv_co_readv Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> --- block/block-backend.c | 1 + block/io.c | 1 + block/mirror.c | 6 ++++-- include/block/block_int-common.h | 5 +++++ include/block/block_int-io.h | 1 + tests/unit/test-bdrv-drain.c | 2 ++ 6 files changed, 14 insertions(+), 2 deletions(-)