]>
Commit | Line | Data |
---|---|---|
4567474e FE |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Hanna Reitz <hreitz@redhat.com> | |
3 | Date: Wed, 9 Feb 2022 15:02:54 +0100 | |
4 | Subject: [PATCH] block/nbd: Assert there are no timers when closed | |
5 | ||
6 | Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or | |
7 | they will access freed data when they fire. | |
8 | ||
9 | This patch is separate from the patches that actually fix the issue | |
10 | (HEAD^^ and HEAD^) so that you can run the associated regression iotest | |
11 | (281) on a configuration that reproducibly exposes the bug. | |
12 | ||
13 | Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> | |
14 | Signed-off-by: Hanna Reitz <hreitz@redhat.com> | |
15 | [FE: backport (open_timer doesn't exist yet in 6.2.0)] | |
16 | Signed-off-by: Fabian Ebner <f.ebner@proxmox.com> | |
17 | --- | |
18 | block/nbd.c | 3 +++ | |
19 | 1 file changed, 3 insertions(+) | |
20 | ||
21 | diff --git a/block/nbd.c b/block/nbd.c | |
22 | index b8e5a9b4cc..aab20125d8 100644 | |
23 | --- a/block/nbd.c | |
24 | +++ b/block/nbd.c | |
25 | @@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs) | |
26 | ||
27 | yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name)); | |
28 | ||
29 | + /* Must not leave timers behind that would access freed data */ | |
30 | + assert(!s->reconnect_delay_timer); | |
31 | + | |
32 | object_unref(OBJECT(s->tlscreds)); | |
33 | qapi_free_SocketAddress(s->saddr); | |
34 | s->saddr = NULL; |