@@ -1672,6 +1672,7 @@ blk_co_do_ioctl(BlockBackend *blk, unsigned long int req, void *buf)
IO_CODE();
blk_wait_while_drained(blk);
+ GRAPH_RDLOCK_GUARD();
if (!blk_is_available(blk)) {
return -ENOMEDIUM;
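Review bot: The order of `blk_wait_while_drained(blk)` and the new `GRAPH_RDLOCK_GUARD()` matters but is not documented. The guard sits after the drain wait, presumably so the read lock is not held while the coroutine waits for a drained section to end. A one-line comment above the guard would stop a later refactor from hoisting it, for example `/* Take the graph rdlock only after the drain wait; it is held until return. */`. The rest of blk_co_do_ioctl(), including the call that needs the lock, lies outside the hunk.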
@@ -3007,6 +3007,7 @@ int coroutine_fn bdrv_co_ioctl(BlockDriverState *bs, int req, void *buf)
};
BlockAIOCB *acb;
IO_CODE();
+ assert_bdrv_graph_readable();
bdrv_inc_in_flight(bs);
if (!drv || (!drv->bdrv_aio_ioctl && !drv->bdrv_co_ioctl)) {
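Review bot: The lock requirement on bdrv_co_ioctl() is expressed only by the runtime `assert_bdrv_graph_readable()`, so a future caller learns of it only when the assertion fires. The comment above the function, which is outside the hunk, should state the requirement in the same words the header hunk uses: `/* Called with graph rdlock taken. */`. Separately, the hunk headers show `int req` here, while blk_co_do_ioctl() and both BlockDriver callbacks take `unsigned long int req`. That narrowing predates this commit, but an ioctl request code passes through it on the way to the driver, so it is worth a follow-up.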
@@ -743,10 +743,11 @@ struct BlockDriver {
void (*bdrv_eject)(BlockDriverState *bs, bool eject_flag);
void (*bdrv_lock_medium)(BlockDriverState *bs, bool locked);
- /* to control generic scsi devices */
- BlockAIOCB *(*bdrv_aio_ioctl)(BlockDriverState *bs,
+ /* to control generic scsi devices. Called with graph rdlock taken. */
+ BlockAIOCB *coroutine_fn (*bdrv_aio_ioctl)(BlockDriverState *bs,
unsigned long int req, void *buf,
BlockCompletionFunc *cb, void *opaque);
+ /* Called with graph rdlock taken. */
int coroutine_fn (*bdrv_co_ioctl)(BlockDriverState *bs,
unsigned long int req, void *buf);
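Review bot: Marking `bdrv_aio_ioctl` as `coroutine_fn` changes the contract for every driver that implements the callback, yet the diffstat lists only block-backend.c, io.c and this header. The implementations are therefore not annotated in this commit. If they do not already carry `coroutine_fn`, they should be updated here or in a follow-up so that the function pointer and the functions assigned to it agree. The struct definition starts and ends outside the hunk.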
The only caller of this function is blk_ioctl, a generated_co_wrapper function that needs to take the graph read lock. Protecting bdrv_co_ioctl() implies that BlockDriver->bdrv_co_ioctl() is always called with graph rdlock taken, and BlockDriver->bdrv_aio_ioctl is a coroutine_fn callback (also called with rdlock taken). Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> --- block/block-backend.c | 1 + block/io.c | 1 + include/block/block_int-common.h | 5 +++-- 3 files changed, 5 insertions(+), 2 deletions(-)