From patchwork Wed Jul 26 14:52:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Denis V. Lunev" X-Patchwork-Id: 13328305 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 782D0C001DC for ; Wed, 26 Jul 2023 15:45:17 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qOftR-0003Fr-9O; Wed, 26 Jul 2023 10:53:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qOft3-000374-Bj; Wed, 26 Jul 2023 10:53:13 -0400 Received: from relay.virtuozzo.com ([130.117.225.111]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qOfsq-0007LU-0w; Wed, 26 Jul 2023 10:53:12 -0400 Received: from ch-vpn.virtuozzo.com ([130.117.225.6] helo=iris.sw.ru) by relay.virtuozzo.com with esmtp (Exim 4.96) (envelope-from ) id 1qOfqn-00EXdH-3C; Wed, 26 Jul 2023 16:52:36 +0200 From: "Denis V. Lunev" To: qemu-block@nongnu.org, qemu-devel@nongnu.org Cc: den@openvz.org, Eric Blake , Vladimir Sementsov-Ogievskiy , qemu-stable@nongnu.org Subject: [PATCH 1/1] qemu-nbd: regression with arguments passing into nbd_client_thread() Date: Wed, 26 Jul 2023 16:52:47 +0200 Message-Id: <20230726145247.297454-1-den@openvz.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Received-SPF: pass client-ip=130.117.225.111; envelope-from=den@openvz.org; helo=relay.virtuozzo.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Unfortunately commit 03b67621445d601c9cdc7dfe25812e9f19b81488 Author: Denis V. Lunev Date: Mon Jul 17 16:55:40 2023 +0200 qemu-nbd: pass structure into nbd_client_thread instead of plain char* has introduced a regression. struct NbdClientOpts resides on stack inside 'if' block. This specifically means that this stack space could be reused once the execution will leave that block of the code. This means that parameters passed into nbd_client_thread could be overwritten at any moment. The patch moves the data to the namespace of main() function effectively preserving it for the whole process lifetime. Signed-off-by: Denis V. Lunev CC: Eric Blake CC: Vladimir Sementsov-Ogievskiy CC: Reviewed-by: Eric Blake --- qemu-nbd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qemu-nbd.c b/qemu-nbd.c index 5b2757920c..7a15085ade 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -589,6 +589,7 @@ int main(int argc, char **argv) const char *pid_file_name = NULL; const char *selinux_label = NULL; BlockExportOptions *export_opts; + struct NbdClientOpts opts; #ifdef CONFIG_POSIX os_setup_early_signal_handling(); @@ -1145,7 +1146,7 @@ int main(int argc, char **argv) if (device) { #if HAVE_NBD_DEVICE int ret; - struct NbdClientOpts opts = { + opts = (struct NbdClientOpts) { .device = device, .fork_process = fork_process, .verbose = verbose,