@@ -3311,9 +3311,13 @@ out:
aio_context_release(aio_context);
}
-/* Get a block job using its ID and acquire its AioContext */
-static BlockJob *find_block_job(const char *id, AioContext **aio_context,
- Error **errp)
+/*
+ * Get a block job using its ID and acquire its AioContext.
+ * Called with job_mutex held.
+ */
+static BlockJob *find_block_job_locked(const char *id,
+ AioContext **aio_context,
+ Error **errp)
{
BlockJob *job;
@@ -3322,7 +3326,6 @@ static BlockJob *find_block_job(const char *id, AioContext **aio_context,
*aio_context = NULL;
job = block_job_get(id);
-
if (!job) {
error_set(errp, ERROR_CLASS_DEVICE_NOT_ACTIVE,
"Block job '%s' not found", id);
@@ -3338,7 +3341,10 @@ static BlockJob *find_block_job(const char *id, AioContext **aio_context,
void qmp_block_job_set_speed(const char *device, int64_t speed, Error **errp)
{
AioContext *aio_context;
- BlockJob *job = find_block_job(device, &aio_context, errp);
+ BlockJob *job;
+
+ JOB_LOCK_GUARD();
+ job = find_block_job_locked(device, &aio_context, errp);
if (!job) {
return;
@@ -3352,7 +3358,10 @@ void qmp_block_job_cancel(const char *device,
bool has_force, bool force, Error **errp)
{
AioContext *aio_context;
- BlockJob *job = find_block_job(device, &aio_context, errp);
+ BlockJob *job;
+
+ JOB_LOCK_GUARD();
+ job = find_block_job_locked(device, &aio_context, errp);
if (!job) {
return;
@@ -3377,7 +3386,10 @@ out:
void qmp_block_job_pause(const char *device, Error **errp)
{
AioContext *aio_context;
- BlockJob *job = find_block_job(device, &aio_context, errp);
+ BlockJob *job;
+
+ JOB_LOCK_GUARD();
+ job = find_block_job_locked(device, &aio_context, errp);
if (!job) {
return;
@@ -3391,7 +3403,10 @@ void qmp_block_job_pause(const char *device, Error **errp)
void qmp_block_job_resume(const char *device, Error **errp)
{
AioContext *aio_context;
- BlockJob *job = find_block_job(device, &aio_context, errp);
+ BlockJob *job;
+
+ JOB_LOCK_GUARD();
+ job = find_block_job_locked(device, &aio_context, errp);
if (!job) {
return;
@@ -3405,7 +3420,10 @@ void qmp_block_job_resume(const char *device, Error **errp)
void qmp_block_job_complete(const char *device, Error **errp)
{
AioContext *aio_context;
- BlockJob *job = find_block_job(device, &aio_context, errp);
+ BlockJob *job;
+
+ JOB_LOCK_GUARD();
+ job = find_block_job_locked(device, &aio_context, errp);
if (!job) {
return;
@@ -3419,7 +3437,10 @@ void qmp_block_job_complete(const char *device, Error **errp)
void qmp_block_job_finalize(const char *id, Error **errp)
{
AioContext *aio_context;
- BlockJob *job = find_block_job(id, &aio_context, errp);
+ BlockJob *job;
+
+ JOB_LOCK_GUARD();
+ job = find_block_job_locked(id, &aio_context, errp);
if (!job) {
return;
@@ -3442,9 +3463,12 @@ void qmp_block_job_finalize(const char *id, Error **errp)
void qmp_block_job_dismiss(const char *id, Error **errp)
{
AioContext *aio_context;
- BlockJob *bjob = find_block_job(id, &aio_context, errp);
+ BlockJob *bjob;
Job *job;
+ JOB_LOCK_GUARD();
+ bjob = find_block_job_locked(id, &aio_context, errp);
+
if (!bjob) {
return;
}
@@ -29,8 +29,11 @@
#include "qapi/error.h"
#include "trace/trace-root.h"
-/* Get a job using its ID and acquire its AioContext */
-static Job *find_job(const char *id, AioContext **aio_context, Error **errp)
+/*
+ * Get a block job using its ID and acquire its AioContext.
+ * Called with job_mutex held.
+ */
+static Job *find_job_locked(const char *id, AioContext **aio_context, Error **errp)
{
Job *job;
@@ -51,7 +54,10 @@ static Job *find_job(const char *id, AioContext **aio_context, Error **errp)
void qmp_job_cancel(const char *id, Error **errp)
{
AioContext *aio_context;
- Job *job = find_job(id, &aio_context, errp);
+ Job *job;
+
+ JOB_LOCK_GUARD();
+ job = find_job_locked(id, &aio_context, errp);
if (!job) {
return;
@@ -65,7 +71,10 @@ void qmp_job_cancel(const char *id, Error **errp)
void qmp_job_pause(const char *id, Error **errp)
{
AioContext *aio_context;
- Job *job = find_job(id, &aio_context, errp);
+ Job *job;
+
+ JOB_LOCK_GUARD();
+ job = find_job_locked(id, &aio_context, errp);
if (!job) {
return;
@@ -79,7 +88,10 @@ void qmp_job_pause(const char *id, Error **errp)
void qmp_job_resume(const char *id, Error **errp)
{
AioContext *aio_context;
- Job *job = find_job(id, &aio_context, errp);
+ Job *job;
+
+ JOB_LOCK_GUARD();
+ job = find_job_locked(id, &aio_context, errp);
if (!job) {
return;
@@ -93,7 +105,10 @@ void qmp_job_resume(const char *id, Error **errp)
void qmp_job_complete(const char *id, Error **errp)
{
AioContext *aio_context;
- Job *job = find_job(id, &aio_context, errp);
+ Job *job;
+
+ JOB_LOCK_GUARD();
+ job = find_job_locked(id, &aio_context, errp);
if (!job) {
return;
@@ -107,7 +122,10 @@ void qmp_job_complete(const char *id, Error **errp)
void qmp_job_finalize(const char *id, Error **errp)
{
AioContext *aio_context;
- Job *job = find_job(id, &aio_context, errp);
+ Job *job;
+
+ JOB_LOCK_GUARD();
+ job = find_job_locked(id, &aio_context, errp);
if (!job) {
return;
@@ -130,7 +148,10 @@ void qmp_job_finalize(const char *id, Error **errp)
void qmp_job_dismiss(const char *id, Error **errp)
{
AioContext *aio_context;
- Job *job = find_job(id, &aio_context, errp);
+ Job *job;
+
+ JOB_LOCK_GUARD();
+ job = find_job_locked(id, &aio_context, errp);
if (!job) {
return;
Both blockdev.c and job-qmp.c have TOC/TOU conditions, because they first search for the job and then perform an action on it. Therefore, we need to do the search + action under the same job mutex critical section. Note: at this stage, job_{lock/unlock} and job lock guard macros are *nop*. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> --- blockdev.c | 46 +++++++++++++++++++++++++++++++++++----------- job-qmp.c | 37 +++++++++++++++++++++++++++++-------- 2 files changed, 64 insertions(+), 19 deletions(-)