Message ID | C74630D0D1907C4A87964109A262FDDE51EC2406@EXMBX-TJ019.tencent.com
---|---
State | New
On 2 August 2016 at 11:22, fikshu(忽朝俭) <fikshu@tencent.com> wrote:
> From b5e5c01b025e83500ca46628add7f63f42f9b2ab Mon Sep 17 00:00:00 2001
> From: fikshu <fikshu@tencent.com>
> Date: Tue, 2 Aug 2016 17:39:16 +0800
> Subject: [PATCH] hw/ide: fix a writing to null pointer exception
>
> In qemu versions earlier than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
> and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
> bdrv_acct_done writes to s->bs directly!
>
> Reported-by: fikshu <fikshu@tencent.com>

Thanks for this patch. However, this bug has already been fixed in commit f7f3ff1da0c in 2014, which made it into the 2.2 QEMU release in December 2014. We don't support releases that old upstream. So if you're still running 2.1 then (a) I strongly urge you to upgrade (b) if this QEMU is from a Linux distro vendor and they're still supporting it, then you should talk to them about backporting commit f7f3ff1da0c.

thanks
-- PMM
diff --git a/hw/ide/core.c b/hw/ide/core.c index fa4cafa..c39eedc 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -839,7 +839,9 @@ static void ide_flush_cb(void *opaque, int ret) } } - bdrv_acct_done(s->bs, &s->acct); + if (s->bs){ + bdrv_acct_done(s->bs, &s->acct); + } s->status = READY_STAT | SEEK_STAT; ide_async_cmd_done(s); ide_set_irq(s->bus);
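Review bot: the guard around bdrv_acct_done treats the symptom at the call site rather than the cause the commit message names (ide_flush_cache invoking ide_flush_cb with s->bs == NULL); after the check, the remainder of ide_flush_cb (status update, ide_async_cmd_done, ide_set_irq) still runs for a device with no block driver attached, so the hunk should be paired with a fix in ide_flush_cache, and as the reply notes the issue is already addressed upstream by commit f7f3ff1da0c, which a backport should take wholesale instead of this partial change. Style: QEMU's coding style puts a space before the opening brace, so `if (s->bs) {` rather than `if (s->bs){`.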
From b5e5c01b025e83500ca46628add7f63f42f9b2ab Mon Sep 17 00:00:00 2001
From: fikshu <fikshu@tencent.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception

In qemu versions earlier than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
bdrv_acct_done writes to s->bs directly!

Reported-by: fikshu <fikshu@tencent.com>
---
 hw/ide/core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

-- 
1.9.1