| Message ID | 20230727105828.324314-1-den@openvz.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2,1/1] qemu-nbd: regression with arguments passing into nbd_client_thread() | expand |
On Thu, Jul 27, 2023 at 12:58:28PM +0200, Denis V. Lunev wrote: > Unfortunately > commit 03b67621445d601c9cdc7dfe25812e9f19b81488 > Author: Denis V. Lunev <den@openvz.org> > Date: Mon Jul 17 16:55:40 2023 +0200 > qemu-nbd: pass structure into nbd_client_thread instead of plain char* > has introduced a regression. struct NbdClientOpts resides on stack inside > 'if' block. This specifically means that this stack space could be reused > once the execution will leave that block of the code. > > This means that parameters passed into nbd_client_thread could be > overwritten at any moment. > > The patch moves the data to the namespace of main() function effectively > preserving it for the whole process lifetime. > > Signed-off-by: Denis V. Lunev <den@openvz.org> > CC: Eric Blake <eblake@redhat.com> > CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> > CC: <qemu-stable@nongnu.org> > --- > Changes from v1: > - fixed compilation without HAVE_NBD_DEVICE (i.e. for Win/BSD) Reviewed-by: Eric Blake <eblake@redhat.com>
diff --git a/qemu-nbd.c b/qemu-nbd.c index 5b2757920c..aaccaa3318 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -589,6 +589,9 @@ int main(int argc, char **argv) const char *pid_file_name = NULL; const char *selinux_label = NULL; BlockExportOptions *export_opts; +#if HAVE_NBD_DEVICE + struct NbdClientOpts opts; +#endif #ifdef CONFIG_POSIX os_setup_early_signal_handling(); @@ -1145,7 +1148,7 @@ int main(int argc, char **argv) if (device) { #if HAVE_NBD_DEVICE int ret; - struct NbdClientOpts opts = { + opts = (struct NbdClientOpts) { .device = device, .fork_process = fork_process, .verbose = verbose,
Unfortunately commit 03b67621445d601c9cdc7dfe25812e9f19b81488 Author: Denis V. Lunev <den@openvz.org> Date: Mon Jul 17 16:55:40 2023 +0200 qemu-nbd: pass structure into nbd_client_thread instead of plain char* has introduced a regression. struct NbdClientOpts resides on stack inside 'if' block. This specifically means that this stack space could be reused once the execution will leave that block of the code. This means that parameters passed into nbd_client_thread could be overwritten at any moment. The patch moves the data to the namespace of main() function effectively preserving it for the whole process lifetime. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Eric Blake <eblake@redhat.com> CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> CC: <qemu-stable@nongnu.org> --- Changes from v1: - fixed compilation without HAVE_NBD_DEVICE (i.e. for Win/BSD) qemu-nbd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)