thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
9ae3a8
From d8f974ead4b4c1f549441e7aac96262cf2b754ee Mon Sep 17 00:00:00 2001
9ae3a8
From: Max Reitz <mreitz@redhat.com>
9ae3a8
Date: Mon, 17 Mar 2014 22:45:29 +0100
9ae3a8
Subject: [PATCH 4/6] qcow2: Check bs->drv in copy_sectors()
9ae3a8
9ae3a8
RH-Author: Max Reitz <mreitz@redhat.com>
9ae3a8
Message-id: <1395096331-12610-2-git-send-email-mreitz@redhat.com>
9ae3a8
Patchwork-id: 58119
9ae3a8
O-Subject: [RHEL-7.0 qemu-kvm PATCH 1/3] qcow2: Check bs->drv in copy_sectors()
9ae3a8
Bugzilla: 1048575
9ae3a8
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
9ae3a8
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
9ae3a8
RH-Acked-by: Fam Zheng <famz@redhat.com>
9ae3a8
9ae3a8
BZ: 1048575
9ae3a8
9ae3a8
Before dereferencing bs->drv for a call to its member bdrv_co_readv(),
9ae3a8
copy_sectors() should check whether that pointer is indeed valid, since
9ae3a8
it may have been set to NULL by e.g. a concurrent write triggering the
9ae3a8
corruption prevention mechanism.
9ae3a8
9ae3a8
Signed-off-by: Max Reitz <mreitz@redhat.com>
9ae3a8
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9ae3a8
(cherry picked from commit dba2855572c746836ad90ce9154403b5929d996b)
9ae3a8
9ae3a8
Signed-off-by: Max Reitz <mreitz@redhat.com>
9ae3a8
---
9ae3a8
 block/qcow2-cluster.c | 4 ++++
9ae3a8
 1 file changed, 4 insertions(+)
9ae3a8
9ae3a8
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
9ae3a8
---
9ae3a8
 block/qcow2-cluster.c |    4 ++++
9ae3a8
 1 files changed, 4 insertions(+), 0 deletions(-)
9ae3a8
9ae3a8
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
9ae3a8
index 862df0f..87c13ce 100644
9ae3a8
--- a/block/qcow2-cluster.c
9ae3a8
+++ b/block/qcow2-cluster.c
9ae3a8
@@ -370,6 +370,10 @@ static int coroutine_fn copy_sectors(BlockDriverState *bs,
9ae3a8
 
9ae3a8
     BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
9ae3a8
 
9ae3a8
+    if (!bs->drv) {
9ae3a8
+        return -ENOMEDIUM;
9ae3a8
+    }
9ae3a8
+
9ae3a8
     /* Call .bdrv_co_readv() directly instead of using the public block-layer
9ae3a8
      * interface.  This avoids double I/O throttling and request tracking,
9ae3a8
      * which can lead to deadlock when block layer copy-on-read is enabled.
9ae3a8
-- 
9ae3a8
1.7.1
9ae3a8