* [Qemu-devel] [PATCH] hw/ide: fix a writing to null pointer exception
@ 2016-08-02 10:22 fikshu(忽朝俭)
  2016-08-02 14:18 ` Peter Maydell
  0 siblings, 1 reply; 5+ messages in thread
From: fikshu(忽朝俭) @ 2016-08-02 10:22 UTC (permalink / raw)
  To: qemu-devel; +Cc: kwolf, stefanha, qemu-trivial

From b5e5c01b025e83500ca46628add7f63f42f9b2ab Mon Sep 17 00:00:00 2001
From: fikshu <fikshu@tencent.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception

In qemu less than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
bdrv_acct_done writes s->bs directly!

Reported-by: fikshu <fikshu@tencent.com>

---
hw/ide/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index fa4cafa..c39eedc 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -839,7 +839,9 @@ static void ide_flush_cb(void *opaque, int ret)
}
}

- bdrv_acct_done(s->bs, &s->acct);
+ if (s->bs){
+ bdrv_acct_done(s->bs, &s->acct);
+ }
s->status = READY_STAT | SEEK_STAT;
ide_async_cmd_done(s);
ide_set_irq(s->bus);
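Review bot: this copy of the hunk has lost all of its leading whitespace (the context lines `}`, `s->status = ...` and `ide_async_cmd_done(s);` sit in column 0, unlike the indented copy in the later resend), so `git am` will reject it; resend as a plain-text patch with git send-email so the mailer does not strip indentation. While at it, the new line `if (s->bs){` needs a space before the brace to follow QEMU's CODING_STYLE: `if (s->bs) {`.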
--
1.9.1


* Re: [Qemu-devel] [PATCH] hw/ide: fix a writing to null pointer exception
  2016-08-02 10:22 [Qemu-devel] [PATCH] hw/ide: fix a writing to null pointer exception fikshu(忽朝俭)
@ 2016-08-02 14:18 ` Peter Maydell
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2016-08-02 14:18 UTC (permalink / raw)
  To: fikshu(忽朝俭)
  Cc: qemu-devel, kwolf, qemu-trivial, stefanha

On 2 August 2016 at 11:22, fikshu(忽朝俭) <fikshu@tencent.com> wrote:
> From b5e5c01b025e83500ca46628add7f63f42f9b2ab Mon Sep 17 00:00:00 2001
> From: fikshu <fikshu@tencent.com>
> Date: Tue, 2 Aug 2016 17:39:16 +0800
> Subject: [PATCH] hw/ide: fix a writing to null pointer exception
>
> In qemu less than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
> and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
> bdrv_acct_done writes s->bs directly!
>
> Reported-by: fikshu <fikshu@tencent.com>

Thanks for this patch. However, this bug has already been fixed
in commit f7f3ff1da0c in 2014, which made it into the 2.2
QEMU release in December 2014. We don't support releases
that old upstream. So if you're still running 2.1 then
(a) I strongly urge you to upgrade
(b) if this QEMU is from a Linux distro vendor and they're
still supporting it, then you should talk to them about
backporting commit f7f3ff1da0c

thanks
-- PMM


* [Qemu-devel] [PATCH] hw/ide: fix a writing to null pointer exception
@ 2016-08-02 12:15 chaojianhu
  0 siblings, 0 replies; 5+ messages in thread
From: chaojianhu @ 2016-08-02 12:15 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, kwolf, stefanha, chaojianhu

From: chaojianhu <chaojianhu@hotmail.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception

In qemu less than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
bdrv_acct_done writes s->bs directly!

Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>

---
 hw/ide/core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index fa4cafa..c39eedc 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -839,7 +839,9 @@ static void ide_flush_cb(void *opaque, int ret)
         }
     }
 
-    bdrv_acct_done(s->bs, &s->acct);
+    if (s->bs){
+        bdrv_acct_done(s->bs, &s->acct);
+    }
     s->status = READY_STAT | SEEK_STAT;
     ide_async_cmd_done(s);
     ide_set_irq(s->bus);
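Review bot: guarding only the bdrv_acct_done() call treats the symptom rather than the cause: with s->bs == NULL the callback still falls through to set READY_STAT | SEEK_STAT, call ide_async_cmd_done(s) and raise the IRQ as though the flush completed, and the commit message itself names the caller (ide_flush_cache invoking ide_flush_cb with s->bs == NULL) as the origin, so that is where a check belongs. Given Peter Maydell's reply that commit f7f3ff1da0c already fixed this in 2.2, backporting that commit is the better route for a 2.1 tree than carrying this local guard. Minor: `if (s->bs){` wants a space before the brace (`if (s->bs) {`).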
-- 
1.9.1


* [Qemu-devel] [PATCH] hw/ide: fix a writing to null pointer exception
@ 2016-08-02 12:14 chaojianhu
  0 siblings, 0 replies; 5+ messages in thread
From: chaojianhu @ 2016-08-02 12:14 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, chaojianhu

From: chaojianhu <chaojianhu@hotmail.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception

In qemu less than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
bdrv_acct_done writes s->bs directly!

Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>

---
 hw/ide/core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index fa4cafa..c39eedc 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -839,7 +839,9 @@ static void ide_flush_cb(void *opaque, int ret)
         }
     }
 
-    bdrv_acct_done(s->bs, &s->acct);
+    if (s->bs){
+        bdrv_acct_done(s->bs, &s->acct);
+    }
     s->status = READY_STAT | SEEK_STAT;
     ide_async_cmd_done(s);
     ide_set_irq(s->bus);
-- 
1.9.1


* [Qemu-devel] [PATCH] hw/ide: fix a writing to null pointer exception
@ 2016-08-02 10:49 忽朝俭
  0 siblings, 0 replies; 5+ messages in thread
From: 忽朝俭 @ 2016-08-02 10:49 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, kwolf, stefanha

From b5e5c01b025e83500ca46628add7f63f42f9b2ab Mon Sep 17 00:00:00 2001
From: chaojianhu <chaojianhu@hotmail.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception

In qemu less than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
bdrv_acct_done writes s->bs directly!

Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>

---
 hw/ide/core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.cindex fa4cafa..c39eedc 100644--- a/hw/ide/core.c+++ b/hw/ide/core.c@@ -839,7 +839,9 @@ static void ide_flush_cb(void *opaque, int ret)         }     } -    bdrv_acct_done(s->bs, &s->acct);+    if (s->bs){+        bdrv_acct_done(s->bs, &s->acct);+    }     s->status = READY_STAT | SEEK_STAT;     ide_async_cmd_done(s);     ide_set_irq(s->bus);-- 1.9.1
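Review bot: this copy of the patch arrived with every line break collapsed onto a single line (file headers, the `@@` hunk header and the `-`/`+` lines are all run together), so it cannot be applied at all; this is the usual result of a mail client sending in HTML or format=flowed mode. Resend as plain text with git send-email, as the 12:14 and 12:15 copies in this thread do, and drop the duplicate submissions so reviewers have one patch to comment on.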

