Message-ID: <49CECFB3.8010407@us.ibm.com>
Date: Sat, 28 Mar 2009 20:32:35 -0500
From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH] check for bs->drv in bdrv_flush
In-Reply-To: <20090328183916.GA25875@lst.de>
To: qemu-devel@nongnu.org

Christoph Hellwig wrote:
> All the bdrv_ helpers should check for bs->drv being zero as that means
> there is no backend image open. bdrv_flush fails to perform that check
> and can thus cause NULL pointer dereferences.
>
> Found using qemu-io.
>

Applied. Thanks.

FWIW, I plan to include qemu-io once you rebase the series to use IOVectors instead of struct iovec. It looks like a useful tool!

Regards,

Anthony Liguori

> Signed-off-by: Christoph Hellwig
>
> Index: qemu/block.c > =================================================================== > --- qemu.orig/block.c 2009-03-19 21:48:12.180978074 +0100 > +++ qemu/block.c 2009-03-19 21:48:53.228977807 +0100 > @@ -979,6 +979,8 @@ const char *bdrv_get_device_name(BlockDr > > void bdrv_flush(BlockDriverState *bs) > { > + if (!bs->drv) > + return; > if (bs->drv->bdrv_flush) > bs->drv->bdrv_flush(bs); > if (bs->backing_hd) > > > > >
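Review bot: the early return added at the top of bdrv_flush also skips the `if (bs->backing_hd)` branch that follows in the trailing context, and nothing in the hunk says why that is safe. A one-line comment above `if (!bs->drv)` stating that a NULL drv means no image is open, so there is nothing to flush (backing file included), would document the invariant the commit message relies on. Because the function returns void, callers also cannot tell a skipped flush from a completed one; if any caller treats a flush as a durability point, it is worth noting here that the no-image case is a deliberate no-op.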