Re: [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash

From:	Max Reitz
Subject:	Re: [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash
Date:	Thu, 20 May 2021 15:51:43 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1

On 20.05.21 15:44, Peter Maydell wrote:

On Fri, 14 May 2021 at 17:45, Max Reitz <mreitz@redhat.com> wrote:


From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>


Hi; Coverity complains about this code (CID 1453194):

diff --git a/qemu-io.c b/qemu-io.c
index bf902302e9..57f07501df 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -411,6 +411,19 @@ static void prep_fetchline(void *opaque)
      *fetchable= 1;
  }

+static int do_qemuio_command(const char *cmd)
+{
+    int ret;
+    AioContext *ctx =
+        qemuio_blk ? blk_get_aio_context(qemuio_blk) : qemu_get_aio_context();


Here we check whether qemuio_blk is NULL...

+
+    aio_context_acquire(ctx);
+    ret = qemuio_command(qemuio_blk, cmd);


...but here we pass it to qemuio_command(), which assumes it must
be non-NULL (via calling command() which calls blk_is_available()).

Bug, or false positive ?


It’s a false positive, Vladimir has sent a patch to silence Coverity:

https://lists.nongnu.org/archive/html/qemu-block/2021-05/msg00853.html

Max

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 00/19] Block patches, Max Reitz, 2021/05/14
- [PULL 01/19] iotests/231: Update expected deprecation message, Max Reitz, 2021/05/14
- [PULL 02/19] block/rbd: Add an escape-aware strchr helper, Max Reitz, 2021/05/14
- [PULL 05/19] qemu-iotests: do not buffer the test output, Max Reitz, 2021/05/14
- [PULL 06/19] qemu-iotests: allow passing unittest.main arguments to the test scripts, Max Reitz, 2021/05/14
- [PULL 04/19] mirror: stop cancelling in-flight requests on non-force cancel in READY, Max Reitz, 2021/05/14
- [PULL 09/19] qemu-iotests: fix case of SOCK_DIR already in the environment, Max Reitz, 2021/05/14
- [PULL 08/19] qemu-iotests: let "check" spawn an arbitrary test command, Max Reitz, 2021/05/14
- [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash, Max Reitz, 2021/05/14
  - Re: [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash, Peter Maydell, 2021/05/20
    - Re: [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash, Max Reitz <=
- [PULL 07/19] qemu-iotests: move command line and environment handling from TestRunner to TestEnv, Max Reitz, 2021/05/14
- [PULL 12/19] qemu-iotests: fix pylint 2.8 consider-using-with error, Max Reitz, 2021/05/14
- [PULL 14/19] block: drop write notifiers, Max Reitz, 2021/05/14
- [PULL 10/19] Document qemu-img options data_file and data_file_raw, Max Reitz, 2021/05/14
- [PULL 13/19] block/write-threshold: don't use write notifiers, Max Reitz, 2021/05/14
- [PULL 11/19] block/copy-on-read: use bdrv_drop_filter() and drop s->active, Max Reitz, 2021/05/14
- [PULL 16/19] block/write-threshold: drop extra APIs, Max Reitz, 2021/05/14
- [PULL 15/19] test-write-threshold: rewrite test_threshold_(not_)trigger tests, Max Reitz, 2021/05/14
- [PULL 17/19] test-write-threshold: drop extra tests, Max Reitz, 2021/05/14
- [PULL 18/19] test-write-threshold: drop extra TestStruct structure, Max Reitz, 2021/05/14

Prev by Date: Re: [PULL v3 24/42] target/riscv: Implementation of enhanced PMP (ePMP)
Next by Date: Re: [PULL v3 36/42] target/riscv: Remove the hardcoded MSTATUS_SD macro
Previous by thread: Re: [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash
Next by thread: [PULL 07/19] qemu-iotests: move command line and environment handling from TestRunner to TestEnv
Index(es):
- Date
- Thread