blockdev: check dinfo ptr before using
If a user decides to punish a guest by revoking its block device via drive_del, and subsequently also attempts to remove the pci device backing it, and the device is using blockdev_auto_del() then we get a segfault when we attempt to access dinfo->auto_del.[1] The fix is to check if drive_get_by_blockdev() actually returns a valid dinfo pointer or not. 1. (qemu) pci_add auto storage file=images/test01.raw,if=virtio,id=block1,snapshot=on (qemu) drive_del block1 (qemu) pci_del 5 *segfault* Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Tested-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
parent
9d861fa595
commit
0fc0f1fa7f
@ -30,14 +30,16 @@ void blockdev_mark_auto_del(BlockDriverState *bs)
|
|||||||
{
|
{
|
||||||
DriveInfo *dinfo = drive_get_by_blockdev(bs);
|
DriveInfo *dinfo = drive_get_by_blockdev(bs);
|
||||||
|
|
||||||
|
if (dinfo) {
|
||||||
dinfo->auto_del = 1;
|
dinfo->auto_del = 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void blockdev_auto_del(BlockDriverState *bs)
|
void blockdev_auto_del(BlockDriverState *bs)
|
||||||
{
|
{
|
||||||
DriveInfo *dinfo = drive_get_by_blockdev(bs);
|
DriveInfo *dinfo = drive_get_by_blockdev(bs);
|
||||||
|
|
||||||
if (dinfo->auto_del) {
|
if (dinfo && dinfo->auto_del) {
|
||||||
drive_uninit(dinfo);
|
drive_uninit(dinfo);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user