Opened 10 years ago
#12549 new defect
async I/O bug
| Reported by: | Petr Kurtin | Owned by: | |
|---|---|---|---|
| Component: | virtual disk | Version: | VirtualBox 4.3.6 |
| Keywords: | Cc: | ||
| Guest type: | all | Host type: | all |
Description
Hello,
I had some problems with async I/Os so I looked at the implementation in more details. VirtualBox is not able to handle multiple requests, when e.g. VD.cpp!vdIOIntWriteMeta is called several times and crash.
Repro steps:
- Assume VD.cpp!vdIOIntWriteMeta is called (pMetaXfer block is allocated, pfnWriteAsync is called, pMetaXfer is insterted into pTreeMetaXfers).
- Another vdIOIntWriteMeta call is invoked, let's say for the same block. The first request has not been completed yet so pMetaXfer is received (line 4428) from the tree. Assert on line 4443 is invalid, because pMetaXfer->fFlags is set to VDMETAXFER_TXDIR_WRITE. Now, vdMetaXferCompleted is invoked for the first request - pMetaXfer context is removed from the tree (line 3784) and freed (line 3786). When the second request is completed, this request works with already freed pMetaXfer context.
The same problem is also for vdIOIntReadMeta + vdIOIntFlush functions.
I fixed this by referencing volatile VDMETAXFER.cRefs (ASMAtomicDecU32/ASMAtomicIncU32) before I call pfnReadAsync (line 4336)/pfnWriteAsync/pfnFlushAsync functions.
Thanks,
Petr Kurtin
Note:
See TracTickets
for help on using tickets.
