Re: [Qemu-devel] [PATCH] qemu-nbd: NULL nbd export pointer dereference after kill (TERMINATE)
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH] qemu-nbd: NULL nbd export pointer dereference after kill (TERMINATE)
Date: Mon, 11 Aug 2014 15:45:45 +0100
User-agent: Mutt/1.5.23 (2014-03-12)
On Sat, Aug 09, 2014 at 11:33:14AM +0800, Zhang Haoyu wrote:
> After receiving the TERMINATE signal, the qemu-nbd state is set to TERMINATE; then, in
> the main loop, nbd_export_close -> nbd_export_put is performed, but sometimes exp->refcount
> is still greater than zero after nbd_export_put, so the qemu-nbd state has not been set to
> TERMINATED, and in the next cycle the NULL exp will be dereferenced.
> do {
>     main_loop_wait(false);
>     if (state == TERMINATE) {
>         state = TERMINATING;
>         nbd_export_close(exp);
>         nbd_export_put(exp);
>         exp = NULL;
>     }
> } while (state != TERMINATED);
Please describe the scenario where refcount is greater than zero. The
commit description should describe the bug and how to reproduce it.
Do you have a test case that reproduces this crash?
Please look at QEMU's ./MAINTAINERS file and CC the appropriate people.
I have CCed Paolo Bonzini since he is the NBD maintainer. If you do not
CC the maintainers they may miss your patch.
Please
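As an added illustration of the sequence the patch description reports, here is a constructed C model of a refcounted export and the do/while shutdown loop. It is not QEMU's code and not part of this thread: Export, export_put(), run_shutdown(), the client bookkeeping and the "one client request per wakeup" timing are assumptions standing in for nbd_export_put() and the real client handling. The point it shows is that the main loop's put() only reaches TERMINATED when it drops the last reference; while a client still holds one, the loop keeps iterating with its own exp pointer already NULL, so any use of that pointer on a later iteration is the crash, and a NULL check (the guard flag) is one defensive way to avoid it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not QEMU code: Export / export_put() / run_shutdown()
 * stand in for nbd_export_put() and the qemu-nbd main loop. */

typedef enum { RUNNING, TERMINATE, TERMINATING, TERMINATED } State;

typedef struct Export {
    int refcount;   /* one reference for the main loop plus one per client */
    int requests;   /* requests serviced; incrementing it is the dereference */
} Export;

static State state = RUNNING;

/* Drop one reference. As in the report, the TERMINATED transition only
 * happens when the last reference goes away, so a put() by the main loop
 * does not guarantee that the loop condition becomes false. */
static void export_put(Export *e)
{
    if (--e->refcount > 0) {
        return;                     /* a client still holds the export */
    }
    free(e);
    if (state == TERMINATING) {
        state = TERMINATED;
    }
}

/* clients: clients still holding a reference when TERMINATE arrives; each
 * one is serviced and detaches one iteration later (assumed timing).
 * guard: check the main loop's exp pointer before using it.
 * Returns the number of iterations run; *null_uses receives the number of
 * iterations that would have dereferenced a NULL export. */
static int run_shutdown(int clients, bool guard, int *null_uses)
{
    Export *exp = calloc(1, sizeof(*exp));   /* the main loop's pointer */
    Export *client_exp = exp;                /* the clients' own pointer */
    int iterations = 0;

    exp->refcount = 1 + clients;
    state = TERMINATE;                       /* SIGTERM already delivered */
    *null_uses = 0;

    do {
        iterations++;
        /* main_loop_wait(): iteration 1 wakes for the signal; each later
         * iteration wakes for one client request. */
        if (iterations > 1 && clients > 0) {
            if (exp != NULL) {
                exp->requests++;
            } else if (!guard) {
                (*null_uses)++;              /* unguarded: NULL dereference */
            }
            clients--;
            export_put(client_exp);          /* client finishes, drops ref */
        }
        if (state == TERMINATE) {
            state = TERMINATING;
            export_put(exp);                 /* may leave refcount > 0 */
            exp = NULL;
        }
    } while (state != TERMINATED);

    return iterations;
}

/* Single-value helpers for checking the model. */
int iterations_to_terminate(int clients, bool guard)
{
    int unused;
    return run_shutdown(clients, guard, &unused);
}

int null_uses_during_shutdown(int clients, bool guard)
{
    int n;
    run_shutdown(clients, guard, &n);
    return n;
}

int main(void)
{
    printf("1 client, unguarded: %d NULL use(s) over %d iteration(s)\n",
           null_uses_during_shutdown(1, false), iterations_to_terminate(1, false));
    printf("1 client, guarded:   %d NULL use(s) over %d iteration(s)\n",
           null_uses_during_shutdown(1, true), iterations_to_terminate(1, true));
    return 0;
}
```

With no clients attached the loop terminates in one iteration, because the main loop's put() drops the last reference; with one or more clients attached, every extra holder adds one iteration during which the loop's exp is already NULL, which is exactly the window the report describes.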