[Qemu-stable] Segfault on block/nbd.c disconnect in QEMU 1.4.1
From: Stefan Hajnoczi
Subject: [Qemu-stable] Segfault on block/nbd.c disconnect in QEMU 1.4.1
Date: Wed, 8 May 2013 21:54:14 +0200
Hi Nick,
The segfault you reported on IRC has been fixed in qemu.git/master by
the following commit:
commit 6760c47aa42ce30efdd12c132f73c8749c575995
Author: Stefan Hajnoczi <address@hidden>
Date: Mon Apr 15 16:14:46 2013 +0200
nbd: unlock mutex in nbd_co_send_request() error path
QEMU 1.5-rc0 includes the fix. If there is a 1.4.2 release, then I
suggest including this patch.
I was able to trigger the segfault with multiple dd processes writing
to the NBD disk inside the guest. It was not possible to trigger the
segfault with a single dd process alone.
Before the fix is applied, the broken error code path leaves
s->send_coroutine assigned when in fact it should be cleared. It also
leaves the fd handler registered.
As a result, the main loop picks up the socket close event and invokes
nbd_restart_write(), which will enter a coroutine which has already
been freed. This is the point where we see the bizarre segfault.
Stefan
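The failure mode Stefan describes (an error path that returns early and leaves a coroutine pointer and an fd handler in place, so the main loop later enters a coroutine that has since terminated) can be modelled without any QEMU code. The block below is an added illustration, not the original message's content and not QEMU's block/nbd.c: the `NbdClient`, `Coroutine`, `send_request_broken`, `send_request_fixed` and `restart_write` names are a hypothetical, minimal model, and the coroutine keeps an `alive` flag so the stale entry is detected and reported instead of dereferencing freed memory as the real bug did.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of a coroutine. In a real system its stack is freed when it
 * terminates; here an 'alive' flag stands in for that so the demo can
 * detect an attempt to enter a terminated coroutine instead of crashing. */
typedef struct Coroutine {
    int id;
    int alive;
} Coroutine;

/* Hypothetical, minimal model of the per-connection client state. */
typedef struct NbdClient {
    int locked;                 /* is the send mutex held? */
    Coroutine *send_coroutine;  /* coroutine to wake when the socket is writable */
    int write_handler_set;      /* is a writable-fd handler registered? */
} NbdClient;

enum { OK = 0, ERR_SEND = -1, ERR_STALE_COROUTINE = -2 };

/* Stand-in for the socket write; 'fail' simulates the peer disconnecting. */
static int fake_send(int fail) { return fail ? -1 : 0; }

/* Broken error path, in the shape the mail describes: on a send failure the
 * function returns early with the mutex held, send_coroutine still assigned
 * and the fd handler still registered. */
static int send_request_broken(NbdClient *s, Coroutine *co, int fail_send)
{
    s->locked = 1;
    s->send_coroutine = co;
    s->write_handler_set = 1;
    if (fake_send(fail_send) < 0) {
        return ERR_SEND;        /* early return: nothing is torn down */
    }
    s->send_coroutine = NULL;
    s->write_handler_set = 0;
    s->locked = 0;
    return OK;
}

/* Fixed error path: every piece of state set up before the failing call is
 * undone on both the success and the failure path. */
static int send_request_fixed(NbdClient *s, Coroutine *co, int fail_send)
{
    int rc = OK;
    s->locked = 1;
    s->send_coroutine = co;
    s->write_handler_set = 1;
    if (fake_send(fail_send) < 0) {
        rc = ERR_SEND;
    }
    s->send_coroutine = NULL;   /* clear the wake-up target */
    s->write_handler_set = 0;   /* unregister the fd handler */
    s->locked = 0;              /* unlock the mutex */
    return rc;
}

/* The requesting coroutine finishes after the error; in the real system its
 * memory is freed at this point. */
static void coroutine_terminate(Coroutine *co) { co->alive = 0; }

/* Model of the main loop's writable-socket callback. In the real bug this is
 * where the freed coroutine was entered; here a stale entry is reported. */
static int restart_write(NbdClient *s)
{
    if (!s->write_handler_set || s->send_coroutine == NULL) {
        return OK;              /* nothing registered, nothing to wake */
    }
    if (!s->send_coroutine->alive) {
        return ERR_STALE_COROUTINE;  /* would have entered freed memory */
    }
    return OK;                  /* a live coroutine would be entered here */
}

/* Issue one request whose send fails, let the coroutine terminate, then let
 * the main loop fire its callback. Returns what the callback reports. */
static int run_scenario(int (*send_fn)(NbdClient *, Coroutine *, int))
{
    NbdClient s;
    Coroutine co = { .id = 1, .alive = 1 };
    memset(&s, 0, sizeof s);
    send_fn(&s, &co, 1);
    coroutine_terminate(&co);
    return restart_write(&s);
}

/* Does the send mutex stay held after a failed request? */
static int lock_left_held(int (*send_fn)(NbdClient *, Coroutine *, int))
{
    NbdClient s;
    Coroutine co = { .id = 2, .alive = 1 };
    memset(&s, 0, sizeof s);
    send_fn(&s, &co, 1);
    return s.locked;
}

int main(void)
{
    printf("broken: callback result %d, lock held %d\n",
           run_scenario(send_request_broken), lock_left_held(send_request_broken));
    printf("fixed:  callback result %d, lock held %d\n",
           run_scenario(send_request_fixed), lock_left_held(send_request_fixed));
    return 0;
}
```

The point of the model is the structure of the fix rather than the NBD protocol: an error path has to tear down the same state the success path does (here the mutex, the coroutine pointer and the fd handler), otherwise an event delivered later by the main loop runs against state that no longer exists. The bug only shows under concurrency because a second writer has to be around for the socket-close event to be processed after the first coroutine has already gone away.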