)]}'
{
  "commit": "d22b2f41c470067758b3636a01b452dfeda7069f",
  "tree": "327f9815ca8157d2324f4c2a732e9683bc400b2b",
  "parents": [
    "f6ec953ca329d4509e5a1a1ff051365fccdbb6b7"
  ],
  "author": {
    "name": "Ryan Harper",
    "email": "ryanh@us.ibm.com",
    "time": "Tue Mar 29 20:51:47 2011 -0500"
  },
  "committer": {
    "name": "Kevin Wolf",
    "email": "kwolf@redhat.com",
    "time": "Thu Apr 07 13:51:47 2011 +0200"
  },
  "message": "Do not delete BlockDriverState when deleting the drive\n\nWhen removing a drive from the host-side via drive_del we currently have\nthe following path:\n\ndrive_del\nqemu_aio_flush()\nbdrv_close()    // zaps bs-\u003edrv, which makes any subsequent I/O get\n                // dropped.  Works as designed\ndrive_uninit()\nbdrv_delete()   // frees the bs.  Since the device is still connected to\n                // bs, any subsequent I/O is a use-after-free.\n\nThe value of bs-\u003edrv becomes unpredictable on free.  As long as it\nremains null, I/O still gets dropped, however it could become non-null\nat any point after the free resulting SEGVs or other QEMU state\ncorruption.\n\nTo resolve this issue as simply as possible, we can chose to not\nactually delete the BlockDriverState pointer.  Since bdrv_close()\nhandles setting the drv pointer to NULL, we just need to remove the\nBlockDriverState from the QLIST that is used to enumerate the block\ndevices.  This is currently handled within bdrv_delete, so move this\ninto its own function, bdrv_make_anon().\n\nThe result is that we can now invoke drive_del, this closes the file\ndescriptors and sets BlockDriverState-\u003edrv to NULL which prevents futher\nIO to the device, and since we do not free BlockDriverState, we don\u0027t\nhave to worry about the copy retained in the block devices.\n\nWe also don\u0027t attempt to remove the qdev property since we are no longer\ndeleting the BlockDriverState on drives with associated drives.  This\nalso allows for removing Drives with no devices associated either.\n\nReported-by: Markus Armbruster \u003carmbru@redhat.com\u003e\nSigned-off-by: Ryan Harper \u003cryanh@us.ibm.com\u003e\nAcked-by: Markus Armbruster \u003carmbru@redhat.com\u003e\nSigned-off-by: Kevin Wolf \u003ckwolf@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "c8e2f97614a7217b7e1ae309bfc5ee1bf9714c49",
      "old_mode": 33188,
      "old_path": "block.c",
      "new_id": "c93ec6d4181314428704029621c7756e1ca42c10",
      "new_mode": 33188,
      "new_path": "block.c"
    },
    {
      "type": "modify",
      "old_id": "5d78fc0ed7076f52e7d872f79aa012a8620d796a",
      "old_mode": 33188,
      "old_path": "block.h",
      "new_id": "52e9cad55c0e2ce50fdcfdfeca49f71cdd75a82c",
      "new_mode": 33188,
      "new_path": "block.h"
    },
    {
      "type": "modify",
      "old_id": "bbe92fe19646745d375372db27c3784482362d03",
      "old_mode": 33188,
      "old_path": "blockdev.c",
      "new_id": "5429621f0c29745509739f9b996a92e1d34754ef",
      "new_mode": 33188,
      "new_path": "blockdev.c"
    }
  ]
}