From: Michael Roth
Date: Mon, 21 Mar 2016 12:28:32 -0500
Message-Id: <1458581313-19045-35-git-send-email-mdroth@linux.vnet.ibm.com>
In-Reply-To: <1458581313-19045-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1458581313-19045-1-git-send-email-mdroth@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 34/35] quorum: Fix crash in quorum_aio_cb()
To: qemu-devel@nongnu.org
Cc: Michael Roth, Alberto Garcia, qemu-stable@nongnu.org, Max Reitz

From: Alberto Garcia

quorum_aio_cb() emits the QUORUM_REPORT_BAD event if there's an I/O error in a Quorum child. However sacb->aiocb must be correctly initialized for this to happen. read_quorum_children() and read_fifo_child() are not doing this, which results in a QEMU crash.

Signed-off-by: Alberto Garcia
Reviewed-by: Max Reitz
Message-id: 8138570d071ba7e25db3736979234a1fd71dbd05.1457610443.git.berto@igalia.com
Signed-off-by: Max Reitz
(cherry picked from commit b9c600d20716b3d942cb07188ff998fb236a8365)
Signed-off-by: Michael Roth
---
 block/quorum.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/block/quorum.c b/block/quorum.c
index b9ba028..e640688 100644
--- a/block/quorum.c +++ b/block/quorum.c @@ -646,8 +646,9 @@ static BlockAIOCB *read_quorum_children(QuorumAIOCB *acb) } for (i = 0; i < s->num_children; i++) { - bdrv_aio_readv(s->children[i]->bs, acb->sector_num, &acb->qcrs[i].qiov, - acb->nb_sectors, quorum_aio_cb, &acb->qcrs[i]); + acb->qcrs[i].aiocb = bdrv_aio_readv(s->children[i]->bs, acb->sector_num, + &acb->qcrs[i].qiov, acb->nb_sectors, + quorum_aio_cb, &acb->qcrs[i]); } return &acb->common; @@ -662,9 +663,10 @@ static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb) qemu_iovec_init(&acb->qcrs[acb->child_iter].qiov, acb->qiov->niov); qemu_iovec_clone(&acb->qcrs[acb->child_iter].qiov, acb->qiov, acb->qcrs[acb->child_iter].buf); - bdrv_aio_readv(s->children[acb->child_iter]->bs, acb->sector_num, - &acb->qcrs[acb->child_iter].qiov, acb->nb_sectors, - quorum_aio_cb, &acb->qcrs[acb->child_iter]); + acb->qcrs[acb->child_iter].aiocb = + bdrv_aio_readv(s->children[acb->child_iter]->bs, acb->sector_num, + &acb->qcrs[acb->child_iter].qiov, acb->nb_sectors, + quorum_aio_cb, &acb->qcrs[acb->child_iter]); return &acb->common; } -- 1.9.1
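Review bot: Both hunks now store the BlockAIOCB returned by bdrv_aio_readv() into acb->qcrs[...].aiocb, which is the field quorum_aio_cb() dereferences via sacb->aiocb when it reports QUORUM_REPORT_BAD, so the previously uninitialized pointer is no longer reached on a child read error; the change is correct for both the read_quorum_children() loop and the read_fifo_child() path. Two things worth asking for in review: a regression test (an iotest that forces a read error on one quorum child and checks that the QUORUM_REPORT_BAD event is emitted without the process crashing), since nothing in this series exercises the failure path that motivated the fix; and a short comment at the QuorumChildRequest.aiocb field noting that it must be set by every submitter, because the bug was the field being silently left unset and a future caller could repeat it. The cherry-pick for stable looks clean, with the hunks matching the upstream commit referenced in the message.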