Commit d6268348 authored by Wen Congyang's avatar Wen Congyang Committed by Paolo Bonzini
Browse files

nbd: release exp->blk after all clients are closed 



If the socket fd is shutdown, there may be some data which is received before
shutdown. We will read the data and do read/write in nbd_trip(). But the exp's
blk is NULL, and it will cause qemu crashed.

Reported-by: default avatarLi Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: default avatarWen Congyang <wency@cn.fujitsu.com>
Message-Id: <55F929E2.1020501@cn.fujitsu.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 04f2562f

nbd.c

+15 −6
Original line number Diff line number Diff line
@@ -1131,12 +1131,6 @@ void nbd_export_close(NBDExport *exp) 
    }

    nbd_export_set_name(exp, NULL);

    nbd_export_put(exp);

    if (exp->blk) {

        blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,

                                        blk_aio_detach, exp);

        blk_unref(exp->blk);

        exp->blk = NULL;

    }

}



void nbd_export_get(NBDExport *exp)
@@ -1159,6 +1153,13 @@ void nbd_export_put(NBDExport *exp) 
            exp->close(exp);

        }



        if (exp->blk) {

            blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,

                                            blk_aio_detach, exp);

            blk_unref(exp->blk);

            exp->blk = NULL;

        }



        g_free(exp);

    }

}
@@ -1305,6 +1306,14 @@ static void nbd_trip(void *opaque) 
        goto invalid_request;

    }



    if (client->closing) {

        /*

         * The client may be closed when we are blocked in

         * nbd_co_receive_request()

         */

        goto done;

    }



    switch (command) {

    case NBD_CMD_READ:

        TRACE("Request type is READ");