mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nbd: release exp->blk after all clients are closed

Browse Source 
If the socket fd is shutdown, there may be some data which is received before
shutdown. We will read the data and do read/write in nbd_trip(). But the exp's
blk is NULL, and it will cause qemu crashed.

Reported-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Message-Id: <55F929E2.1020501@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Wen Congyang 2015-09-16 16:35:46 +08:00 committed by Paolo Bonzini
parent 04f2562f8e
commit d626834849
1 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
nbd.c
View File

@ -1131,12 +1131,6 @@ void nbd_export_close(NBDExport *exp)
} }
nbd_export_set_name(exp, NULL); nbd_export_set_name(exp, NULL);
nbd_export_put(exp); nbd_export_put(exp);
if (exp->blk) {
blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,
blk_aio_detach, exp);
blk_unref(exp->blk);
exp->blk = NULL;
}
} }
void nbd_export_get(NBDExport *exp) void nbd_export_get(NBDExport *exp)
@ -1159,6 +1153,13 @@ void nbd_export_put(NBDExport *exp)
exp->close(exp); exp->close(exp);
} }
if (exp->blk) {
blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,
blk_aio_detach, exp);
blk_unref(exp->blk);
exp->blk = NULL;
}
g_free(exp); g_free(exp);
} }
} }
@ -1305,6 +1306,14 @@ static void nbd_trip(void *opaque)
goto invalid_request; goto invalid_request;
} }
if (client->closing) {
/*
* The client may be closed when we are blocked in
* nbd_co_receive_request()
*/
goto done;
}
switch (command) { switch (command) {
case NBD_CMD_READ: case NBD_CMD_READ:
TRACE("Request type is READ"); TRACE("Request type is READ");