From 76b03619435d0b2f0125ee7aa5c94f2b889247de Mon Sep 17 00:00:00 2001

From: Hanna Reitz <hreitz@redhat.com>

Date: Fri, 4 Feb 2022 12:10:08 +0100

Subject: [PATCH 4/8] block/nbd: Assert there are no timers when closed

RH-Author: Hanna Reitz <hreitz@redhat.com>

RH-MergeRequest: 74: block/nbd: Handle AioContext changes

RH-Commit: [2/6] 56903457ca35d9c596aeb6827a48f80e8eabd66a (hreitz/qemu-kvm-c-9-s)

RH-Bugzilla: 2033626

RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>

RH-Acked-by: Eric Blake <eblake@redhat.com>

RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or

they will access freed data when they fire.

This patch is separate from the patches that actually fix the issue

(HEAD^^ and HEAD^) so that you can run the associated regression iotest

(281) on a configuration that reproducibly exposes the bug.

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Signed-off-by: Hanna Reitz <hreitz@redhat.com>

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

(cherry picked from commit 8a39c381e5e407d2fe5500324323f90a8540fa90)

Conflict:

- block/nbd.c: open_timer was introduced after the 6.2 release (for

  nbd's @open-timeout parameter), and has not been backported, so drop

  the assertion that it is NULL

Signed-off-by: Hanna Reitz <hreitz@redhat.com>

---

 block/nbd.c | 3 +++

 1 file changed, 3 insertions(+)

diff --git a/block/nbd.c b/block/nbd.c

index b8e5a9b4cc..aab20125d8 100644

--- a/block/nbd.c

+++ b/block/nbd.c

@@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)

     yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));

+    /* Must not leave timers behind that would access freed data */

+    assert(!s->reconnect_delay_timer);

+

     object_unref(OBJECT(s->tlscreds));

     qapi_free_SocketAddress(s->saddr);

     s->saddr = NULL;

-- 

2.27.0