From: "Benoît Canet" <benoit.canet@irqsave.net>
To: "Richard W.M. Jones" <rjones@redhat.com>
Cc: pbonzini@redhat.com, famz@redhat.com, qemu-devel@nongnu.org,
stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH v2] curl: Don't deref NULL pointer in call to aio_poll.
Date: Thu, 28 Aug 2014 16:54:48 +0200
Message-ID: <20140828145448.GD28789@irqsave.net>
In-Reply-To: <1409213061-15562-2-git-send-email-rjones@redhat.com>
On Thursday 28 Aug 2014 at 09:04:21 (+0100), Richard W.M. Jones wrote:
> In commit 63f0f45f2e89b60ff8245fec81328ddfde42a303 the following
> mechanical change was made:
>
> if (!state) {
> - qemu_aio_wait();
> + aio_poll(state->s->aio_context, true);
> }
>
> The new code now checks if state is NULL and then dereferences it
> ('state->s') which is obviously incorrect.
>
> This commit replaces state->s->aio_context with
> bdrv_get_aio_context(bs), fixing this problem. The two other hunks
> are concerned with getting the BlockDriverState pointer bs to where it
> is needed.
>
> The original bug causes a segfault when using libguestfs to access a
> VMware vCenter Server and doing any kind of complex read-heavy
> operations. With this commit the segfault goes away.
>
> Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> block/curl.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/block/curl.c b/block/curl.c
> index d4b85d2..f59615d 100644
> --- a/block/curl.c
> +++ b/block/curl.c
> @@ -352,7 +352,7 @@ static void curl_multi_timeout_do(void *arg)
> #endif
> }
>
> -static CURLState *curl_init_state(BDRVCURLState *s)
> +static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s)
> {
> CURLState *state = NULL;
> int i, j;
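Review bot: the added `BlockDriverState *bs` parameter duplicates information the callers already hold in `s`: curl_open sets `s->aio_context = bdrv_get_aio_context(bs);` immediately before calling this function, so `aio_poll(s->aio_context, true)` would also have removed the NULL dereference without widening the signature. Threading `bs` through is still the safer choice if `s->aio_context` can go stale when the BDS is moved to another AioContext (not visible in this patch); a sentence in the commit message saying why the live lookup is preferred over the cached field would help the next reader.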
> @@ -370,7 +370,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
> break;
> }
> if (!state) {
> - aio_poll(state->s->aio_context, true);
> + aio_poll(bdrv_get_aio_context(bs), true);
> }
> } while(!state);
>
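Review bot: the replacement `aio_poll(bdrv_get_aio_context(bs), true);` is correct and no longer touches `state` on the one path where it is known to be NULL, which is exactly the regression the commit message describes. Two minor points while this loop is being edited: `while(!state);` lacks the space QEMU's coding style expects (`while (!state);`), and the loop blocks unconditionally, with no upper bound, whenever every CURLState slot is busy. Both are pre-existing and need not hold up this fix.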
> @@ -541,7 +541,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
> DPRINTF("CURL: Opening %s\n", file);
> s->aio_context = bdrv_get_aio_context(bs);
> s->url = g_strdup(file);
> - state = curl_init_state(s);
> + state = curl_init_state(bs, s);
> if (!state)
> goto out_noclean;
>
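Review bot: the assignment `s->aio_context = bdrv_get_aio_context(bs);` two lines above the call now computes the same value the callee re-derives from `bs`; if the parameter is kept, check whether the cached field still has a user and, if it does, that it is updated whenever the BDS changes context. The pre-existing `if (!state)` without braces is outside QEMU's style (`if (!state) {`) and could be fixed in passing, since the neighbouring line is already being changed.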
> @@ -625,7 +625,7 @@ static void curl_readv_bh_cb(void *p)
> }
>
> // No cache found, so let's start a new request
> - state = curl_init_state(s);
> + state = curl_init_state(acb->common.bs, s);
> if (!state) {
> acb->common.cb(acb->common.opaque, -EIO);
> qemu_aio_release(acb);
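Review bot: `acb->common.bs` is the right BlockDriverState for this request, so the call is consistent with the curl_open hunk. Note, though, that the `-EIO` error path right after it (`acb->common.cb(acb->common.opaque, -EIO);` followed by `qemu_aio_release(acb);`) is only reached when curl_init_state returns NULL, and the `do { ... } while(!state);` loop in the second hunk never exits with `state` NULL; unless a later step in that function can still fail and return NULL, this branch (and the matching `goto out_noclean` in curl_open) is dead. Not introduced by this patch, but worth a glance.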
> --
> 2.0.4
>
>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Thread overview: 7+ messages
2014-08-28 8:04 [Qemu-devel] [PATCH v2] curl: Don't deref NULL pointer in call to aio_poll Richard W.M. Jones
2014-08-28 8:04 ` Richard W.M. Jones
2014-08-28 14:54 ` Benoît Canet [this message]
2014-08-29 9:03 ` Stefan Hajnoczi
2014-08-29 9:19 ` Richard W.M. Jones
2014-08-29 15:13 ` Stefan Hajnoczi
2014-08-29 15:19 ` Stefan Hajnoczi