Date: Wed, 29 Jun 2016 11:51:45 +0200
From: Kevin Wolf
Message-ID: <20160629095145.GA4831@noname.redhat.com>
In-Reply-To: <1466667001-10167-1-git-send-email-kwolf@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] block/qdev: Fix NULL access when using BB twice
To: qemu-block@nongnu.org
Cc: qemu-devel@nongnu.org

On 23.06.2016 at 09:30, Kevin Wolf wrote:
> BlockBackend has only a single pointer to its guest device, so it makes
> sure that only a single guest device is attached to it. device-add
> returns an error if you try to attach a second device to a BB. In order
> to make the error message nicer, -device that manually connects to an
> if=none block device gets a different message than -drive that implicitly
> creates a guest device. The if=... option is stored in DriveInfo.
>
> However, since blockdev-add exists, not every BlockBackend has a
> DriveInfo any more. Check that it exists before we dereference it.
>
> QMP reproducer resulting in a segfault:
>
> {"execute":"blockdev-add","arguments":{"options":{"id":"disk","driver":"file","filename":"/tmp/test.img"}}}
> {"execute":"device_add","arguments":{"driver":"virtio-blk-pci","drive":"disk"}}
> {"execute":"device_add","arguments":{"driver":"virtio-blk-pci","drive":"disk"}}
>
> Signed-off-by: Kevin Wolf

Applied to my block branch.

Kevin
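The failure mode in the quoted patch description, modelled as an added C example (constructed for this reply, not QEMU's own code): a backend created by blockdev-add carries no DriveInfo, so the second attach must test that pointer before using if=... to pick an error message. The structure layouts, `blk_attach_dev` and the result enum are assumptions of this model.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the structures named in the patch description
 * (constructed for this example; not QEMU's real definitions). */
enum { IF_NONE = 0, IF_VIRTIO = 1 };

typedef struct DriveInfo {
    int if_type;               /* the -drive if=... option */
} DriveInfo;

typedef struct BlockBackend {
    const char *name;
    void *dev;                 /* the single attached guest device, or NULL */
    DriveInfo *legacy_dinfo;   /* NULL when the BB came from blockdev-add */
} BlockBackend;

typedef enum {
    ATTACH_OK,
    ATTACH_ERR_IN_USE,         /* plain "already in use" message */
    ATTACH_ERR_IN_USE_AUTO     /* hint that -drive auto-created a device */
} AttachResult;

/* Attach `dev` to `blk`. A BlockBackend holds exactly one device, so a
 * second attach is an error; which message is chosen depends on the
 * if=... value in DriveInfo. The fixed version below checks legacy_dinfo
 * before dereferencing it; the pre-fix code skipped that check and
 * segfaulted on the second device_add for a blockdev-add backend. */
AttachResult blk_attach_dev(BlockBackend *blk, void *dev, char *err, size_t len)
{
    if (blk->dev == NULL) {
        blk->dev = dev;
        return ATTACH_OK;
    }
    DriveInfo *dinfo = blk->legacy_dinfo;
    if (dinfo != NULL && dinfo->if_type != IF_NONE) {
        snprintf(err, len, "Drive '%s' is already in use because it was "
                 "automatically connected to a device (did you mean if=none?)",
                 blk->name);
        return ATTACH_ERR_IN_USE_AUTO;
    }
    snprintf(err, len, "Drive '%s' is already in use by another device",
             blk->name);
    return ATTACH_ERR_IN_USE;
}
```

Attaching twice to a BlockBackend with `legacy_dinfo == NULL` now returns ATTACH_ERR_IN_USE instead of reading through a null pointer, which is the path the QMP reproducer exercises.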