提交 540ee872 编写于 作者: J Ján Tomko

qemu: fix crash with shared disks

Commit f36a94f2 introduced a double free on all success paths
in qemuSharedDeviceEntryInsert.

Only call qemuSharedDeviceEntryFree on the error path and
set entry to NULL before jumping there if the entry already
is in the hash table.

https://bugzilla.redhat.com/show_bug.cgi?id=1142722
上级 434dd551
...@@ -1011,38 +1011,36 @@ qemuSharedDeviceEntryInsert(virQEMUDriverPtr driver, ...@@ -1011,38 +1011,36 @@ qemuSharedDeviceEntryInsert(virQEMUDriverPtr driver,
const char *name) const char *name)
{ {
qemuSharedDeviceEntry *entry = NULL; qemuSharedDeviceEntry *entry = NULL;
int ret = -1;
if ((entry = virHashLookup(driver->sharedDevices, key))) { if ((entry = virHashLookup(driver->sharedDevices, key))) {
/* Nothing to do if the shared scsi host device is already /* Nothing to do if the shared scsi host device is already
* recorded in the table. * recorded in the table.
*/ */
if (qemuSharedDeviceEntryDomainExists(entry, name, NULL)) { if (!qemuSharedDeviceEntryDomainExists(entry, name, NULL)) {
ret = 0;
goto cleanup;
}
if (VIR_EXPAND_N(entry->domains, entry->ref, 1) < 0 || if (VIR_EXPAND_N(entry->domains, entry->ref, 1) < 0 ||
VIR_STRDUP(entry->domains[entry->ref - 1], name) < 0) VIR_STRDUP(entry->domains[entry->ref - 1], name) < 0) {
goto cleanup; /* entry is owned by the hash table here */
entry = NULL;
goto error;
}
}
} else { } else {
if (VIR_ALLOC(entry) < 0 || if (VIR_ALLOC(entry) < 0 ||
VIR_ALLOC_N(entry->domains, 1) < 0 || VIR_ALLOC_N(entry->domains, 1) < 0 ||
VIR_STRDUP(entry->domains[0], name) < 0) VIR_STRDUP(entry->domains[0], name) < 0)
goto cleanup; goto error;
entry->ref = 1; entry->ref = 1;
if (virHashAddEntry(driver->sharedDevices, key, entry)) if (virHashAddEntry(driver->sharedDevices, key, entry))
goto cleanup; goto error;
} }
ret = 0; return 0;
cleanup: error:
qemuSharedDeviceEntryFree(entry, NULL); qemuSharedDeviceEntryFree(entry, NULL);
return -1;
return ret;
} }
......
...@@ -294,8 +294,7 @@ bool qemuSharedDeviceEntryDomainExists(qemuSharedDeviceEntryPtr entry, ...@@ -294,8 +294,7 @@ bool qemuSharedDeviceEntryDomainExists(qemuSharedDeviceEntryPtr entry,
char *qemuGetSharedDeviceKey(const char *disk_path) char *qemuGetSharedDeviceKey(const char *disk_path)
ATTRIBUTE_NONNULL(1); ATTRIBUTE_NONNULL(1);
void qemuSharedDeviceEntryFree(void *payload, const void *name) void qemuSharedDeviceEntryFree(void *payload, const void *name);
ATTRIBUTE_NONNULL(1);
int qemuAddSharedDevice(virQEMUDriverPtr driver, int qemuAddSharedDevice(virQEMUDriverPtr driver,
virDomainDeviceDefPtr dev, virDomainDeviceDefPtr dev,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册