From: Stefan Hajnoczi <stefanha@gmail.com>
To: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/2] block: Avoid second open for format probing
Date: Wed, 14 Nov 2012 09:32:01 +0100
Message-ID: <20121114083201.GA23826@stefanha-thinkpad.redhat.com>
In-Reply-To: <1352816095-14051-3-git-send-email-kwolf@redhat.com>

On Tue, Nov 13, 2012 at 03:14:55PM +0100, Kevin Wolf wrote:
> @@ -691,12 +685,15 @@ static int bdrv_open_common(BlockDriverState *bs, const char *filename,
>
> /* Open the image, either directly or using a protocol */
> if (drv->bdrv_file_open) {
> + if (file != NULL) {
> + bdrv_swap(file, bs);
> + bdrv_delete(file);
> + }
> ret = drv->bdrv_file_open(bs, filename, open_flags);
> } else {
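
Review bot: In the `drv->bdrv_file_open` branch, `bdrv_delete(file)` deletes an object the caller still holds a pointer to, and nothing in the hunk tells the caller that `bdrv_open_common()` has taken ownership of `file`. Document the ownership transfer in a comment above the function, or pass `file` in a form that lets the callee clear the caller's pointer (for example a `BlockDriverState **`), so that later cleanup cannot touch it. A short comment on why `bs` receives the already-opened state through `bdrv_swap()` right before `drv->bdrv_file_open(bs, ...)` runs on it would also help, since the visible lines do not show whether opening over that state is intended.
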
[...]
> /* Open the image */
> - ret = bdrv_open_common(bs, filename, flags, drv);
> + ret = bdrv_open_common(bs, file, filename, flags, drv);
> if (ret < 0) {
> goto unlink_and_fail;
> }
> @@ -894,6 +895,9 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags,
> return 0;
>
> unlink_and_fail:
> + if (file != NULL) {
> + bdrv_delete(file);
> + }
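
Review bot: The new `bdrv_delete(file)` under `unlink_and_fail:` runs whenever `file != NULL`, but this label is reached from `if (ret < 0)` after `bdrv_open_common(bs, file, ...)`, which in its `drv->bdrv_file_open` branch has already swapped and deleted `file`. Because `file` is passed by value it is still non-NULL here, so on that path it is deleted a second time. Make the ownership rule unconditional (the callee always consumes `file`, or never does) so that exactly one site deletes it, and have the error path check that rule rather than only the pointer value.
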
Not sure I understand this code path.

We have a protocol (the driver implements .bdrv_file_open()) so we swap
file and bs, then delete old bs. Then we call .bdrv_file_open() on the
already open file BDS.

Is it okay to call .bdrv_file_open() on an already open BDS?

Now if .bdrv_file_open() fails we will bdrv_delete() the already deleted
file BDS. This is a double-free.

Stefan