Message ID | 20180626154028.11133-4-pbonzini@redhat.com
---|---
State | New
Series | pr-manager/qemu-pr-helper patches for QEMU 3.0
On 06/26/2018 05:40 PM, Paolo Bonzini wrote:
> When writing to the qemu-pr-helper socket failed, the persistent
> reservation manager was correctly disconnecting the socket, but it
> did not clear pr_mgr->ioc. So the rest of the code did not know
> that the socket had been disconnected, accessed pr_mgr->ioc and
> happily caused a crash.
>
> To reproduce, it is enough to stop qemu-pr-helper between QEMU
> startup and executing e.g. sg_persist -k /dev/sdb.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> scsi/pr-manager-helper.c | 1 +
> 1 file changed, 1 insertion(+)

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal
diff --git a/scsi/pr-manager-helper.c b/scsi/pr-manager-helper.c index 82ff6b6123..0c0fe389b7 100644 --- a/scsi/pr-manager-helper.c +++ b/scsi/pr-manager-helper.c @@ -71,6 +71,7 @@ static int pr_manager_helper_write(PRManagerHelper *pr_mgr, if (n_written <= 0) { assert(n_written != QIO_CHANNEL_ERR_BLOCK); object_unref(OBJECT(pr_mgr->ioc)); + pr_mgr->ioc = NULL; return n_written < 0 ? -EINVAL : 0; }
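Review bot: with pr_mgr->ioc now cleared in the error branch, the `n_written == 0` case still returns 0 (`return n_written < 0 ? -EINVAL : 0;`), so a caller gets a success return for a write that sent nothing and left the manager with no channel at all. Either return an error for the zero-byte case as well (for example `return -EINVAL;` unconditionally in this branch) or add a comment stating why `n_written == 0` cannot be reached here. Since NULL is now the only signal that the helper is disconnected, any other place that does `object_unref(OBJECT(pr_mgr->ioc))` needs the same `pr_mgr->ioc = NULL;` after it.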
When writing to the qemu-pr-helper socket failed, the persistent
reservation manager was correctly disconnecting the socket, but it
did not clear pr_mgr->ioc. So the rest of the code did not know
that the socket had been disconnected, accessed pr_mgr->ioc and
happily caused a crash.

To reproduce, it is enough to stop qemu-pr-helper between QEMU
startup and executing e.g. sg_persist -k /dev/sdb.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
scsi/pr-manager-helper.c | 1 +
1 file changed, 1 insertion(+)
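The failure mode in the commit message, as an added stand-alone example (not QEMU code and not part of this patch): a helper object owns a reference-counted channel, the write path drops the channel on error, and the caller uses a NULL pointer as its only "disconnected" signal. The `Channel`, `PRHelper`, `helper_write` and `helper_run` names are hypothetical stand-ins for the real QIOChannel/PRManagerHelper code; the channel marks itself `freed` instead of calling `free()` so that the dangling access is observable in a test rather than undefined behaviour, and a write error is mapped to -ECONNRESET for simplicity rather than mirroring the real function's return values.

```c
/* Added example, not QEMU code: minimal model of the bug fixed by this
 * patch (stale pr_mgr->ioc after the channel was unref'd on write error). */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

typedef struct Channel {
    int refcount;
    bool connected;  /* constructed: false simulates a stopped helper */
    bool freed;      /* constructed: set instead of free() so a dangling
                      * dereference is detectable instead of undefined */
} Channel;

typedef struct PRHelper {
    Channel *ioc;         /* NULL is the only "disconnected" signal */
    int reconnects;
    bool clear_on_error;  /* false = behaviour before the patch */
} PRHelper;

static Channel *channel_new(bool connected)
{
    Channel *c = calloc(1, sizeof(*c));
    if (!c) {
        abort();
    }
    c->refcount = 1;
    c->connected = connected;
    return c;
}

static void channel_unref(Channel *c)
{
    if (--c->refcount == 0) {
        c->freed = true;  /* real code would free(c) here */
    }
}

/* Like a socket write: bytes written, or -1 on error. Returns -EBADF when
 * called on a released channel, standing in for the crash. */
static long channel_write(Channel *c, size_t len)
{
    if (c->freed) {
        return -EBADF;
    }
    return c->connected ? (long)len : -1;
}

/* Drop the channel on any write error, like pr_manager_helper_write. */
static int helper_write(PRHelper *h, size_t len)
{
    long n = channel_write(h->ioc, len);
    if (n == -EBADF) {
        return -EBADF;        /* use-after-free reached: would crash */
    }
    if (n <= 0) {
        channel_unref(h->ioc);
        if (h->clear_on_error) {
            h->ioc = NULL;    /* the patch's one-line fix */
        }
        return -ECONNRESET;
    }
    return 0;
}

/* Caller path: reconnect when the helper is known to be gone, then write. */
static int helper_run(PRHelper *h, size_t len)
{
    if (!h->ioc) {
        h->ioc = channel_new(true);  /* constructed: helper is back */
        h->reconnects++;
    }
    return helper_write(h, len);
}

/* Scenario from the commit message: the first write hits a helper that has
 * been stopped, the second write happens after it is running again.
 * Returns the result of the second write; *reconnects reports how many
 * times the caller re-established the channel. */
static int scenario(bool clear_on_error, int *reconnects)
{
    PRHelper h = { .ioc = channel_new(false), .reconnects = 0,
                   .clear_on_error = clear_on_error };
    Channel *stale = h.ioc;              /* kept only for cleanup */
    (void)helper_run(&h, 16);            /* -ECONNRESET either way */
    int second = helper_run(&h, 16);
    *reconnects = h.reconnects;
    if (h.ioc && h.ioc != stale) {
        free(h.ioc);
    }
    free(stale);
    return second;
}
```

Before the fix the second write is issued on the released channel (here reported as -EBADF, in the real code a crash) and the caller never reconnects; with the pointer cleared the caller sees the disconnect and re-establishes the channel before writing.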