From patchwork Tue Apr  5 03:43:55 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Zhanghailiang <zhang.zhanghailiang@huawei.com>
X-Patchwork-Id: 8746931
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Original-To: patchwork-qemu-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 431F1C0553
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue,  5 Apr 2016 03:45:29 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id A208820204
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue,  5 Apr 2016 03:45:28 +0000 (UTC)
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id A4A832017E
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue,  5 Apr 2016 03:45:27 +0000 (UTC)
Received: from localhost ([::1]:34196 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1anHvi-0000bQ-UV for patchwork-qemu-devel@patchwork.kernel.org;
	Mon, 04 Apr 2016 23:45:26 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33545)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <zhang.zhanghailiang@huawei.com>) id 1anHvb-0000bL-FB
	for qemu-devel@nongnu.org; Mon, 04 Apr 2016 23:45:20 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <zhang.zhanghailiang@huawei.com>) id 1anHvY-0007ux-Ph
	for qemu-devel@nongnu.org; Mon, 04 Apr 2016 23:45:19 -0400
Received: from szxga01-in.huawei.com ([58.251.152.64]:38620)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <zhang.zhanghailiang@huawei.com>) id 1anHvW-0007oQ-DA
	for qemu-devel@nongnu.org; Mon, 04 Apr 2016 23:45:16 -0400
Received: from 172.24.1.50 (EHLO szxeml428-hub.china.huawei.com)
	([172.24.1.50])
	by szxrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued)
	with ESMTP id DID48980; Tue, 05 Apr 2016 11:44:51 +0800 (CST)
Received: from localhost (10.177.24.212) by szxeml428-hub.china.huawei.com
	(10.82.67.183) with Microsoft SMTP Server id 14.3.235.1;
	Tue, 5 Apr 2016 11:44:42 +0800
From: zhanghailiang <zhang.zhanghailiang@huawei.com>
To: <qemu-devel@nongnu.org>
Date: Tue, 5 Apr 2016 11:43:55 +0800
Message-ID: <1459827835-7524-1-git-send-email-zhang.zhanghailiang@huawei.com>
X-Mailer: git-send-email 2.7.2.windows.1
MIME-Version: 1.0
X-Originating-IP: [10.177.24.212]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
	refid=str=0001.0A020201.570334B6.012A, ss=1, re=0.000, recu=0.000,
	reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0,
	so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 5706c2ee9aae31ee096c1ff1277a53f4
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
X-Received-From: 58.251.152.64
Cc: jasowang@redhat.com, zhanghailiang <zhang.zhanghailiang@huawei.com>
Subject: [Qemu-devel] [PATCH v2] filter-buffer: fix segfault when starting
	qemu with status=off property
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

After commit 338d3f, we support 'status' property for filter object.
The segfault can be triggered by starting qemu with 'status=off' property
for filter, when the s->incoming_queue is NULL, we reference it directly
in qemu_net_queue_flush() which was called in status_changed() callback
function.

We shouldn't trigger status_changed() before the filter was initialized,
We can check the value of 'nf->netdev' to confirm if the filter is
initialized or not, so let's check its value before calling
status_changed().

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
v2:
 - fix the segfault by skipping calling status_changed() if the filter
   is not initialized. (Jason Wang's suggestion)
---
 net/filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/filter.c b/net/filter.c
index 1c4fc5a..8ac79f3 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -164,7 +164,7 @@ static void netfilter_set_status(Object *obj, const char *str, Error **errp)
         return;
     }
     nf->on = !nf->on;
-    if (nfc->status_changed) {
+    if (nf->netdev && nfc->status_changed) {
         nfc->status_changed(nf, errp);
     }
 }