1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Hanna Reitz <hreitz@redhat.com>
3 Date: Wed, 9 Feb 2022 15:02:54 +0100
4 Subject: [PATCH] block/nbd: Assert there are no timers when closed
6 Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
7 they will access freed data when they fire.
9 This patch is separate from the patches that actually fix the issue
10 (HEAD^^ and HEAD^) so that you can run the associated regression iotest
11 (281) on a configuration that reproducibly exposes the bug.
13 Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
14 Signed-off-by: Hanna Reitz <hreitz@redhat.com>
15 [FE: backport (open_timer doesn't exist yet in 6.2.0)]
16 Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
19 1 file changed, 3 insertions(+)
21 diff --git a/block/nbd.c b/block/nbd.c
22 index b8e5a9b4cc..aab20125d8 100644
25 @@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
27 yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
29 + /* Must not leave timers behind that would access freed data */
30 + assert(!s->reconnect_delay_timer);
32 object_unref(OBJECT(s->tlscreds));
33 qapi_free_SocketAddress(s->saddr);