aboutsummaryrefslogtreecommitdiff
path: root/block/nbd.c
diff options
context:
space:
mode:
authorHanna Reitz <hreitz@redhat.com>2022-02-04 12:10:08 +0100
committerVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>2022-02-11 14:06:02 +0100
commit8a39c381e5e407d2fe5500324323f90a8540fa90 (patch)
tree84439b01994a94360e932ec407c3a5cc697e3c78 /block/nbd.c
parent717be9644b25341517a8a3377a5f773fa902810b (diff)
downloadqemu-8a39c381e5e407d2fe5500324323f90a8540fa90.zip
qemu-8a39c381e5e407d2fe5500324323f90a8540fa90.tar.gz
qemu-8a39c381e5e407d2fe5500324323f90a8540fa90.tar.bz2
block/nbd: Assert there are no timers when closed
Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or they will access freed data when they fire. This patch is separate from the patches that actually fix the issue (HEAD^^ and HEAD^) so that you can run the associated regression iotest (281) on a configuration that reproducibly exposes the bug. Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Diffstat (limited to 'block/nbd.c')
-rw-r--r--block/nbd.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/block/nbd.c b/block/nbd.c
index 5ff8a57..dc6c3f3 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -110,6 +110,10 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
+ /* Must not leave timers behind that would access freed data */
+ assert(!s->reconnect_delay_timer);
+ assert(!s->open_timer);
+
object_unref(OBJECT(s->tlscreds));
qapi_free_SocketAddress(s->saddr);
s->saddr = NULL;