block/iscsi: fix double-free on BUSY or similar statuses

Commit 8c460269 ("iscsi: base all handling of check condition on scsi_sense_to_errno", 2019-07-15) removed a "goto out" so that the same coroutine is re-entered twice; once from iscsi_co_generic_cb, once from the timer callback iscsi_retry_timer_expired. This can cause a crash. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1378 Reported-by: Grzegorz Zdanowski <https://gitlab.com/kiler129> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 5080152e) Signed-off-by: N Michael Tokarev <mjt@tls.msk.ru>

block/iscsi: fix double-free on BUSY or similar statuses
Commit 8c460269 ("iscsi: base all handling of check condition on scsi_sense_to_errno", 2019-07-15) removed a "goto out" so that the same coroutine is re-entered twice; once from iscsi_co_generic_cb, once from the timer callback iscsi_retry_timer_expired. This can cause a crash. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1378 Reported-by: Grzegorz Zdanowski <https://gitlab.com/kiler129> Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 5080152e) Signed-off-by: N Michael Tokarev <mjt@tls.msk.ru>
856a67ca · Paolo Bonzini · Michael Tokarev · f163cf6b · 856a67ca
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

block/iscsi.c block/iscsi.c +1 -0

未找到文件。
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -268,6 +268,7 @@ iscsi_co_generic_cb(struct iscsi_context *iscsi, int status,
                timer_mod(&iTask->retry_timer,
                          qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + retry_time);
                iTask->do_retry = 1;
+                return;
            } else if (status == SCSI_STATUS_CHECK_CONDITION) {
                int error = iscsi_translate_sense(&task->sense);
                if (error == EAGAIN) {