39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 8353d0d6a31042ba7c54696ef1ec59eb883d647f Mon Sep 17 00:00:00 2001
|
|
From: Zhang Bo <oscar.zhangbo@huawei.com>
|
|
Date: Mon, 29 Aug 2022 15:37:08 +0800
|
|
Subject: [PATCH 4/5] block/nbd: Assert there are no timers when closed
|
|
|
|
Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
|
|
they will access freed data when they fire.
|
|
|
|
This patch is separate from the patches that actually fix the issue
|
|
(HEAD^^ and HEAD^) so that you can run the associated regression iotest
|
|
(281) on a configuration that reproducibly exposes the bug.
|
|
|
|
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
|
|
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
|
|
Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
|
|
---
|
|
block/nbd.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/block/nbd.c b/block/nbd.c
|
|
index 5ff8a57314..dc6c3f3bbc 100644
|
|
--- a/block/nbd.c
|
|
+++ b/block/nbd.c
|
|
@@ -110,6 +110,10 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
|
|
|
|
yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
|
|
|
|
+ /* Must not leave timers behind that would access freed data */
|
|
+ assert(!s->reconnect_delay_timer);
|
|
+ assert(!s->open_timer);
|
|
+
|
|
object_unref(OBJECT(s->tlscreds));
|
|
qapi_free_SocketAddress(s->saddr);
|
|
s->saddr = NULL;
|
|
--
|
|
2.27.0
|
|
|