From: Stefan Hajnoczi <stefanha@redhat.com>
To: qemu-devel@nongnu.org
Cc: Anthony Liguori <aliguori@us.ibm.com>
Subject: [Qemu-devel] [PATCH 06/28] blockdev: Keep a copy of DriveInfo.serial
Date: Fri, 15 Mar 2013 16:14:03 +0100 [thread overview]
Message-ID: <1363360465-5247-7-git-send-email-stefanha@redhat.com> (raw)
In-Reply-To: <1363360465-5247-1-git-send-email-stefanha@redhat.com>
From: Kevin Wolf <kwolf@redhat.com>
Pointing to a QemuOpts element is surprising and can lead to subtle
use-after-free errors when the QemuOpts is freed after all options are
parsed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
blockdev.c | 5 ++++-
include/sysemu/blockdev.h | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index d679174..acf1c32 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -191,6 +191,7 @@ static void drive_uninit(DriveInfo *dinfo)
bdrv_delete(dinfo->bdrv);
g_free(dinfo->id);
QTAILQ_REMOVE(&drives, dinfo, next);
+ g_free(dinfo->serial);
g_free(dinfo);
}
@@ -566,7 +567,9 @@ DriveInfo *drive_init(QemuOpts *opts, BlockInterfaceType block_default_type)
dinfo->trans = translation;
dinfo->opts = opts;
dinfo->refcount = 1;
- dinfo->serial = serial;
+ if (serial != NULL) {
+ dinfo->serial = g_strdup(serial);
+ }
QTAILQ_INSERT_TAIL(&drives, dinfo, next);
bdrv_set_on_error(dinfo->bdrv, on_read_error, on_write_error);
diff --git a/include/sysemu/blockdev.h b/include/sysemu/blockdev.h
index 1fe5332..804ec88 100644
--- a/include/sysemu/blockdev.h
+++ b/include/sysemu/blockdev.h
@@ -40,7 +40,7 @@ struct DriveInfo {
int media_cd;
int cyls, heads, secs, trans;
QemuOpts *opts;
- const char *serial;
+ char *serial;
QTAILQ_ENTRY(DriveInfo) next;
int refcount;
};
--
1.8.1.4
next prev parent reply other threads:[~2013-03-15 15:15 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-15 15:13 [Qemu-devel] [PULL 00/28] Block patches Stefan Hajnoczi
2013-03-15 15:13 ` [Qemu-devel] [PATCH 01/28] block: Add options QDict to .bdrv_open() Stefan Hajnoczi
2013-03-15 15:13 ` [Qemu-devel] [PATCH 02/28] block: Add options QDict to bdrv_open() prototype Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 03/28] Add qdict_clone_shallow() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 04/28] block: Add options QDict to bdrv_open_common() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 05/28] qemu-option: Add qemu_opts_absorb_qdict() Stefan Hajnoczi
2013-03-15 15:14 ` Stefan Hajnoczi [this message]
2013-03-15 15:14 ` [Qemu-devel] [PATCH 07/28] block: Support driver specific options in drive_init() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 08/28] qcow2: Allow lazy refcounts to be enabled on the command line Stefan Hajnoczi
2013-03-15 17:02 ` Paolo Bonzini
2013-03-15 17:35 ` Anthony Liguori
2013-03-15 15:14 ` [Qemu-devel] [PATCH 09/28] qcow2: flush refcount cache correctly in alloc_refcount_block() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 10/28] qcow2: flush refcount cache correctly in qcow2_write_snapshots() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 11/28] qcow2: set L2 cache dependency in qcow2_alloc_bytes() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 12/28] qcow2: flush in qcow2_update_snapshot_refcount() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 13/28] qcow2: drop flush in update_cluster_refcount() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 14/28] qcow2: drop unnecessary flush in qcow2_update_snapshot_refcount() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 15/28] qcow2: make is_allocated return true for zero clusters Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 16/28] sheepdog: use non-blocking fd in coroutine context Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 17/28] sheepdog: set io_flush handler in do_co_req Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 18/28] main-loop: add qemu_get_aio_context() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 19/28] threadpool: move globals into struct ThreadPool Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 20/28] threadpool: add thread_pool_new() and thread_pool_free() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 21/28] aio: add a ThreadPool instance to AioContext Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 22/28] block: add bdrv_get_aio_context() Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 23/28] threadpool: drop global thread pool Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 24/28] coroutine: use AioContext for CoQueue BH Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 25/28] dataplane: fix hang introduced by AioContext transition Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 26/28] qemu-iotests: add tests for rebasing zero clusters Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 27/28] qemu-iotests: use -nographic in test case 007 Stefan Hajnoczi
2013-03-15 15:14 ` [Qemu-devel] [PATCH 28/28] blockdev: Fix up copyright and permission notice Stefan Hajnoczi
2013-03-15 15:46 ` [Qemu-devel] [PULL 00/28] Block patches Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1363360465-5247-7-git-send-email-stefanha@redhat.com \
--to=stefanha@redhat.com \
--cc=aliguori@us.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).