From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47772)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1UmXWA-0007EH-M0
	for qemu-devel@nongnu.org; Tue, 11 Jun 2013 18:58:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1UmXW9-00030S-L9
	for qemu-devel@nongnu.org; Tue, 11 Jun 2013 18:58:22 -0400
Sender: fluxion <flukshun@gmail.com>
Date: Tue, 11 Jun 2013 17:58:05 -0500
From: mdroth <mdroth@linux.vnet.ibm.com>
Message-ID: <20130611225805.GD12585@vm>
References: <1369923286-22260-1-git-send-email-stefanha@redhat.com>
	<1369923286-22260-2-git-send-email-stefanha@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1369923286-22260-2-git-send-email-stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 1/3] vhost-scsi: fix
 k->set_guest_notifiers() NULL dereference
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: pbonzini@redhat.com
Cc: Markus Armbruster <armbru@redhat.com>, qemu-stable@nongnu.org, Nicholas Bellinger <nab@linux-iscsi.org>, qemu-devel@nongnu.org, stefanha@redhat.com, Asias He <asias@redhat.com>

On Thu, May 30, 2013 at 04:14:44PM +0200, Stefan Hajnoczi wrote:
> Coverity picked up a copy-paste bug.  In vhost_scsi_start() we check for
> !k->set_guest_notifiers and error out.  The check probably got copied
> but instead of erroring we actually use the function pointer!
> 
> Cc: Nicholas Bellinger <nab@linux-iscsi.org>
> Cc: Asias He <asias@redhat.com>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Hi Paolo,

Looking to pick this up for 1.5.1 along with a few other goodies in your
scsi branch:

iscsi: reorganize iscsi_readcapacity_sync
iscsi: simplify freeing of tasks
scsi-disk: scsi-block device for scsi pass-through should not be remo…
scsi-generic: check the return value of bdrv_aio_ioctl in execute_com…
scsi-generic: fix sign extension of READ CAPACITY(10) data
scsi: reset cdrom tray statuses on scsi_disk_reset

Freeze for 1.5.1 is planned for June 19. Willing to pluck from
maintainer branches for the more important ones but would prefer
upstream if you can send a PULL for these.

> ---
>  hw/scsi/vhost-scsi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
> index d7a1c33..785e93f 100644
> --- a/hw/scsi/vhost-scsi.c
> +++ b/hw/scsi/vhost-scsi.c
> @@ -123,7 +123,7 @@ static void vhost_scsi_stop(VHostSCSI *s)
>      VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
>      int ret = 0;
> 
> -    if (!k->set_guest_notifiers) {
> +    if (k->set_guest_notifiers) {
>          ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, false);
>          if (ret < 0) {
>                  error_report("vhost guest notifier cleanup failed: %d\n", ret);
> -- 
> 1.8.1.4
> 
>