diff options
| author | Max Reitz <mreitz@redhat.com> | 2021-02-19 16:33:48 +0100 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2021-03-08 14:55:18 +0100 |
| commit | e41799409281eab19c17692d1c52cb4cef7f5494 (patch) | |
| tree | ffcc2354ed468310011a3087c55b4f7dd2b38d52 /storage-daemon/qemu-storage-daemon.c | |
| parent | 705dde27c6c53b73d2aa139b5b2a0ea490153e5b (diff) | |
| download | focaccia-qemu-e41799409281eab19c17692d1c52cb4cef7f5494.tar.gz focaccia-qemu-e41799409281eab19c17692d1c52cb4cef7f5494.zip | |
iotests/283: Check that finalize drops backup-top
Without any of HEAD^ or HEAD^^ applied, qemu will most likely crash on the qemu-io invocation, for a variety of immediate reasons. The underlying problem is generally a use-after-free access into backup-top's BlockCopyState. With only HEAD^ applied, qemu-io will run into an EIO (which is not capture by the output, but you can see that the qemu-io invocation will be accepted (i.e., qemu-io will run) in contrast to the reference output, where the node name cannot be found), and qemu will then crash in query-named-block-nodes: bdrv_get_allocated_file_size() detects backup-top to be a filter and passes the request through to its child. However, after bdrv_backup_top_drop(), that child is NULL, so the recursive call crashes. With HEAD^^ applied, this test should pass. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20210219153348.41861-4-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'storage-daemon/qemu-storage-daemon.c')
0 files changed, 0 insertions, 0 deletions