From: Emanuele Giuseppe Esposito
Date: Thu, 9 Feb 2023 15:45:22 +0000 (-0500)
Subject: block/file-posix: don't use functions calling AIO_WAIT_WHILE in worker threads
X-Git-Tag: qemu-xen-4.18.0-rc5~317^2~1
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=005ee3cdc79e05b7691c8ce078c147c1f9336814;p=qemu-xen.git

block/file-posix: don't use functions calling AIO_WAIT_WHILE in worker threads

When calling bdrv_getlength() in handle_aiocb_write_zeroes(), the function creates a new coroutine and then waits for it to finish using AIO_WAIT_WHILE. The problem is that this function could also run in a worker thread, which has a different AioContext from the main loop and iothreads; therefore in AIO_WAIT_WHILE we will have in_aio_context_home_thread(ctx) == false, and the assert(qemu_get_current_aio_context() == qemu_get_aio_context()); in the else branch will fail, crashing QEMU.

Aside from that, bdrv_getlength() is also wrong conceptually, because it reads the BDS graph from another thread and is not protected by any lock.

Replace it with raw_co_getlength, which doesn't create a coroutine and doesn't read the BDS graph.

Reported-by: Ninad Palsule
Suggested-by: Kevin Wolf
Signed-off-by: Emanuele Giuseppe Esposito
Message-Id: <20230209154522.1164401-1-eesposit@redhat.com>
Reviewed-by: Kevin Wolf
Signed-off-by: Kevin Wolf
---
diff --git a/block/file-posix.c b/block/file-posix.c index d3073a7caa..9a99111f45 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -1738,7 +1738,7 @@ static int handle_aiocb_write_zeroes(void *opaque) #ifdef CONFIG_FALLOCATE /* Last resort: we are trying to extend the file with zeroed data. This * can be done via fallocate(fd, 0) */ - len = bdrv_getlength(aiocb->bs); + len = raw_co_getlength(aiocb->bs); if (s->has_fallocate && len >= 0 && aiocb->aio_offset >= len) { int ret = do_fallocate(s->fd, 0, aiocb->aio_offset, aiocb->aio_nbytes); if (ret == 0 || ret != -ENOTSUP) {
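Review bot: the replacement line `len = raw_co_getlength(aiocb->bs);` carries no comment explaining the constraint that the commit message spells out, and since handle_aiocb_write_zeroes() runs in a worker thread, the `co_` prefix invites a later reader either to assume coroutine context is required here or to swap the call back for bdrv_getlength() and reintroduce the AIO_WAIT_WHILE assertion failure; a one-line comment next to the call stating that nothing reached from this worker-thread path may take AIO_WAIT_WHILE or read the BDS graph would document the rule at the spot where it will be seen. Separately, the unchanged guard `if (s->has_fallocate && len >= 0 && aiocb->aio_offset >= len)` still treats a negative return from the length lookup as "do not extend" and drops the error silently, which is pre-existing behaviour but worth confirming is intended now that a different length function supplies `len`.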