author | Hanna Reitz <hreitz@redhat.com> | 2022-02-04 12:10:08 +0100 |
---|---|---|
committer | Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> | 2022-02-11 14:06:02 +0100 |
commit | 8a39c381e5e407d2fe5500324323f90a8540fa90 (patch) | |
tree | 84439b01994a94360e932ec407c3a5cc697e3c78 | |
parent | 717be9644b25341517a8a3377a5f773fa902810b (diff) | |
block/nbd: Assert there are no timers when closed

Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
they will access freed data when they fire.

This patch is separate from the patches that actually fix the issue
(HEAD^^ and HEAD^) so that you can run the associated regression iotest
(281) on a configuration that reproducibly exposes the bug.

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-rw-r--r-- | block/nbd.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/block/nbd.c b/block/nbd.c index 5ff8a57..dc6c3f3 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -110,6 +110,10 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs) yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name)); + /* Must not leave timers behind that would access freed data */ + assert(!s->reconnect_delay_timer); + assert(!s->open_timer); + object_unref(OBJECT(s->tlscreds)); qapi_free_SocketAddress(s->saddr); s->saddr = NULL; |
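Review bot: The two asserts added in nbd_clear_bdrvstate() test only that s->reconnect_delay_timer and s->open_timer are NULL, so they detect a still-armed timer only if every path that deletes a timer also resets its field to NULL; nothing in this hunk shows that, so it should be confirmed in the timer teardown code before relying on the check. The asserts detect the condition and do not cancel anything, so the comment above them would be more useful if it said which callers are expected to have deleted both timers before this function runs (the commit message points at HEAD^^ and HEAD^), giving whoever hits the abort a place to start. The placement before object_unref(OBJECT(s->tlscreds)) and qapi_free_SocketAddress(s->saddr) is right, since the check fires before any of the state the timers could touch is released.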