• Paolo Bonzini's avatar
    block: wait for job callback in block_job_cancel_sync · fa4478d5
    Paolo Bonzini authored
    The limitation on not having I/O after cancellation cannot really be
    kept.  Even streaming has a very small race window where you could
    cancel a job and have it report completion.  If this window is hit,
    bdrv_change_backing_file() will yield and possibly cause accesses to
    dangling pointers etc.
    
    So, let's just assume that we cannot know exactly what will happen
    after the coroutine has set busy to false.  We can set a very lax
    condition:
    
    - if we cancel the job, the coroutine won't set it to false again
    (and hence will not call co_sleep_ns again).
    
    - block_job_cancel_sync will wait for the coroutine to exit, which
    pretty much ensures no race.
    
    Instead, we track the coroutine that executes the job and put very
    strict conditions on what to do while it is quiescent (busy = false).
    First of all, the coroutine must never set busy = false while the job
    has been cancelled.  Second, the coroutine can be reentered arbitrarily
    while it is quiescent, so you cannot really do anything but co_sleep_ns at
    that time.  This condition is obeyed by the block_job_sleep_ns function.
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
    fa4478d5
block_int.h 16.2 KB