[Qemu-devel] [PATCH] ide: fix double free
From: arei.gonglei
Subject: [Qemu-devel] [PATCH] ide: fix double free
Date: Wed, 2 Jul 2014 16:50:17 +0800
From: Chenliang <address@hidden>
Qemu may double free when executing the command "reboot -f" in the VM.
One path is bdrv_aio_cancel(), the other is the dma_bdrv_cb()
callback process.
Signed-off-by: Chenliang <address@hidden>
Signed-off-by: Gonglei <address@hidden>
---
Qemu crash bt:
Program received signal SIGABRT, Aborted.
0x00007f3cb2c76b55 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f3cb2c76b55 in raise () from /lib64/libc.so.6
#1 0x00007f3cb2c78131 in abort () from /lib64/libc.so.6
#2 0x00007f3cb2cb4e0f in __libc_message () from /lib64/libc.so.6
#3 0x00007f3cb2cba618 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007f3cb2cbf65c in free () from /lib64/libc.so.6
#5 0x00007f3cb54146f2 in free_and_trace (mem=0x7f3cb63f3220) at vl.c:3078
#6 0x00007f3cb52126cd in qemu_aio_release (p=0x7f3cb63f3220) at block.c:4262
#7 0x00007f3cb525de5e in dma_complete (dbs=0x7f3cb63f3220, ret=0) at dma-helpers.c:135
#8 0x00007f3cb525df3d in dma_bdrv_cb (opaque=0x7f3cb63f3220, ret=0) at dma-helpers.c:152
#9 0x00007f3cb5212102 in bdrv_co_em_bh (opaque=0x7f3cb6398980) at block.c:4127
#10 0x00007f3cb51f6cef in aio_bh_poll (ctx=0x7f3cb622a8f0) at async.c:70
#11 0x00007f3cb51f695a in aio_poll (ctx=0x7f3cb622a8f0, blocking=false) at aio-posix.c:185
#12 0x00007f3cb51f7056 in aio_ctx_dispatch (source=0x7f3cb622a8f0, callback=0x0, user_data=0x0) at async.c:167
#13 0x00007f3cb48b969a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#14 0x00007f3cb538956d in glib_pollfds_poll () at main-loop.c:188
#15 0x00007f3cb538965e in os_host_main_loop_wait (timeout=0) at main-loop.c:233
#16 0x00007f3cb5389718 in main_loop_wait (nonblocking=0) at main-loop.c:478
#17 0x00007f3cb5411212 in main_loop () at vl.c:2319
#18 0x00007f3cb54186ba in main (argc=57, argv=0x7fff5510c968, envp=0x7fff5510cb38) at vl.c:4803
---
hw/ide/core.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 3a38f1e..76d65c1 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2050,11 +2050,9 @@ void ide_bus_reset(IDEBus *bus)
/* pending async DMA */
if (bus->dma->aiocb) {
-#ifdef DEBUG_AIO
- printf("aio_cancel\n");
-#endif
- bdrv_aio_cancel(bus->dma->aiocb);
- bus->dma->aiocb = NULL;
+ bdrv_drain_all();
+ bdrv_flush_all();
+ assert(bus->dma->aiocb == NULL);
}
/* reset dma provider too */
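Review bot: the replacement lines `+ bdrv_drain_all();`, `+ bdrv_flush_all();` and `+ assert(bus->dma->aiocb == NULL);` turn a cancel of this bus's request into a drain of every block device and then rely on the completion callback having cleared bus->dma->aiocb; the backtrace shows that callback path (dma_bdrv_cb -> dma_complete -> qemu_aio_release) is the one that frees the aiocb, so the drain must run that callback before the assert, otherwise a reset now aborts instead of double freeing. The commit message should say why a global drain plus bdrv_flush_all() is needed rather than waiting on this bus's request alone (flushing guest data to disk is not part of the double-free fix) and confirm that no DMA completion path can leave aiocb non-NULL. Dropping the DEBUG_AIO printf is unrelated cleanup that would be clearer as its own patch.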
--
1.7.12.4
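An added C model of the lifecycle the commit message describes, not QEMU's code: a cancel path and a still-queued completion callback both release the same aiocb, while the patched order runs the pending completion first and only then checks that the bus holds no request. The struct and function names (AIOCB, Bus, release, run_pending_bh, submit, reset_with_cancel, reset_with_drain) are constructed for the illustration.

```c
#include <assert.h>
#include <stdlib.h>
typedef struct AIOCB { int releases; } AIOCB;   /* constructed stand-in */
typedef struct Bus {
    AIOCB *aiocb;       /* in-flight request, like bus->dma->aiocb */
    AIOCB *pending_bh;  /* completion bottom half queued, not yet run */
    int free_calls;     /* release() calls seen for the request */
} Bus;

/* qemu_aio_release() stand-in; a 2nd call on one block is the aborting free() */
static void release(Bus *bus, AIOCB *cb) { bus->free_calls++; cb->releases++; }

/* The dma_bdrv_cb() -> dma_complete() path; the main loop runs it later. */
static void run_pending_bh(Bus *bus) {
    AIOCB *cb = bus->pending_bh;
    if (!cb) return;
    bus->pending_bh = NULL;
    if (bus->aiocb == cb) bus->aiocb = NULL;
    release(bus, cb);
}

/* A DMA request whose I/O already finished: callback queued, not yet run. */
static AIOCB *submit(Bus *bus) {
    bus->aiocb = bus->pending_bh = calloc(1, sizeof *bus->aiocb);
    return bus->aiocb;
}

/* Old reset: cancel releases the aiocb, then the queued bh releases it
 * again. Returns the release count (2 means double free). */
int reset_with_cancel(void) {
    Bus bus = {0};
    AIOCB *cb = submit(&bus);
    release(&bus, cb);          /* bdrv_aio_cancel() path */
    bus.aiocb = NULL;
    run_pending_bh(&bus);       /* callback still fires: second release */
    int n = bus.free_calls;
    free(cb);
    return n;
}

/* Patched reset: drain queued completions first, so only the callback
 * releases and aiocb is already NULL when the assert runs. */
int reset_with_drain(void) {
    Bus bus = {0};
    AIOCB *cb = submit(&bus);
    run_pending_bh(&bus);       /* what bdrv_drain_all() waits for */
    assert(bus.aiocb == NULL);
    int n = bus.free_calls;
    free(cb);
    return n;
}
```

The model counts releases instead of calling free() twice, so the buggy order reports 2 rather than aborting the process the way the backtrace shows.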