* [Qemu-devel] [PATCH] check for bs->drv in bdrv_flush
From: Christoph Hellwig @ 2009-03-28 18:39 UTC
To: qemu-devel
All the bdrv_ helpers should check for bs->drv being zero as that means
there is no backend image open. bdrv_flush fails to perform that check
and can thus cause NULL pointer dereferences.
Found using qemu-io.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Index: qemu/block.c
===================================================================
--- qemu.orig/block.c 2009-03-19 21:48:12.180978074 +0100
+++ qemu/block.c 2009-03-19 21:48:53.228977807 +0100
@@ -979,6 +979,8 @@ const char *bdrv_get_device_name(BlockDr
void bdrv_flush(BlockDriverState *bs)
{
+ if (!bs->drv)
+ return;
if (bs->drv->bdrv_flush)
bs->drv->bdrv_flush(bs);
if (bs->backing_hd)
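Review bot: the new `if (!bs->drv) return;` at the top of bdrv_flush turns a flush on a BlockDriverState with no driver into a silent no-op, and because the function returns void the caller cannot tell that case from a completed flush. A one-line comment above the check stating that a NULL bs->drv means no backend image is open would document why returning early is correct here. If callers ever need to distinguish the two cases, that would take a return value, which is a separate change from this fix.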
* Re: [Qemu-devel] [PATCH] check for bs->drv in bdrv_flush
From: Anthony Liguori @ 2009-03-29 1:32 UTC
To: qemu-devel
Christoph Hellwig wrote:
> All the bdrv_ helpers should check for bs->drv being zero as that means
> there is no backend image open. bdrv_flush fails to perform that check
> and can thus cause NULL pointer dereferences.
>
> Found using qemu-io.
>
Applied. Thanks.
FWIW, I plan to include qemu-io once you rebase the series to use
IOVectors instead of struct iovec. It looks like a useful tool!
Regards,
Anthony Liguori
> Signed-off-by: Christoph Hellwig <hch@lst.de>
>
> Index: qemu/block.c
> ===================================================================
> --- qemu.orig/block.c 2009-03-19 21:48:12.180978074 +0100
> +++ qemu/block.c 2009-03-19 21:48:53.228977807 +0100
> @@ -979,6 +979,8 @@ const char *bdrv_get_device_name(BlockDr
>
> void bdrv_flush(BlockDriverState *bs)
> {
> + if (!bs->drv)
> + return;
> if (bs->drv->bdrv_flush)
> bs->drv->bdrv_flush(bs);
> if (bs->backing_hd)
>
>
>
>
>
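Review bot: placing the early return before the first statement also bypasses the `if (bs->backing_hd)` branch visible in the trailing context lines, so a state with bs->drv NULL and bs->backing_hd set would never reach that branch. If that combination cannot occur, a sentence saying so in the commit message would settle it; otherwise guard only the driver call, for example `if (bs->drv && bs->drv->bdrv_flush)`, and let the backing_hd check run as before.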
* Re: [Qemu-devel] [PATCH] check for bs->drv in bdrv_flush
From: Christoph Hellwig @ 2009-03-29 7:31 UTC
To: qemu-devel
On Sat, Mar 28, 2009 at 08:32:35PM -0500, Anthony Liguori wrote:
> Christoph Hellwig wrote:
> >All the bdrv_ helpers should check for bs->drv being zero as that means
> >there is no backend image open. bdrv_flush fails to perform that check
> >and can thus cause NULL pointer dereferences.
> >
> >Found using qemu-io.
> >
>
> Applied. Thanks.
>
> FWIW, I plan to include qemu-io once you rebase the series to use
> IOVectors instead of struct iovec. It looks like a useful tool!
The repost already uses QEMUIOVectors, I'll resend it with a
formal description.