[Qemu-devel] [PULL 15/29] virtio-blk: fix reference a pointer which migh

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 15/29] virtio-blk: fix reference a pointer which migh

From:	Kevin Wolf
Subject:	[Qemu-devel] [PULL 15/29] virtio-blk: fix reference a pointer which might be freed
Date:	Fri, 22 Aug 2014 16:51:39 +0200

From: zhanghailiang <address@hidden>

In function virtio_blk_handle_request, it may freed memory pointed by req,
So do not access member of req after calling this function.

Cc: address@hidden
Reviewed-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: zhanghailiang <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
 hw/block/virtio-blk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 302c39e..d9167ce 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -469,8 +469,9 @@ static void virtio_blk_dma_restart_bh(void *opaque)
     s->rq = NULL;
 
     while (req) {
+        VirtIOBlockReq *next = req->next;
         virtio_blk_handle_request(req, &mrb);
-        req = req->next;
+        req = next;
     }
 
     virtio_submit_multiwrite(s->bs, &mrb);
-- 
1.8.3.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 04/29] block: Drop some superfluous casts from void *, (continued)
- [Qemu-devel] [PULL 04/29] block: Drop some superfluous casts from void *, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 06/29] runner: Kill a program under test by time-out, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 08/29] qcow2: Use g_try_new0() for cache array, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 07/29] qcow2: Constant cache size in bytes, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 10/29] iotests: Add test for qcow2's cache options, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 09/29] qcow2: Add runtime options for cache sizes, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 11/29] test-coroutine: test cost introduced by coroutine, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 12/29] qemu-iotests: Fix 028 reference output for qed, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 14/29] virtio-blk: allow block_resize with dataplane, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 13/29] block: acquire AioContext in qmp_block_resize(), Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 15/29] virtio-blk: fix reference a pointer which might be freed, Kevin Wolf <=
- [Qemu-devel] [PULL 17/29] blkdebug: Implement bdrv_refresh_filename(), Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 16/29] block: Add bdrv_refresh_filename(), Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 18/29] blkverify: Implement bdrv_refresh_filename(), Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 19/29] nbd: Implement bdrv_refresh_filename(), Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 21/29] iotests: Add test for image filename construction, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 22/29] block/vvfat.c: remove debugging code to reinit stderr if NULL, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 20/29] quorum: Implement bdrv_refresh_filename(), Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 24/29] raw-posix: fix O_DIRECT short reads, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 23/29] block/iscsi: fix memory corruption on iscsi resize, Kevin Wolf, 2014/08/22
- [Qemu-devel] [PULL 25/29] qemu-iotests: add test case 101 for short file I/O, Kevin Wolf, 2014/08/22

Prev by Date: [Qemu-devel] [PULL 13/29] block: acquire AioContext in qmp_block_resize()
Next by Date: [Qemu-devel] [PULL 17/29] blkdebug: Implement bdrv_refresh_filename()
Previous by thread: [Qemu-devel] [PULL 13/29] block: acquire AioContext in qmp_block_resize()
Next by thread: [Qemu-devel] [PULL 17/29] blkdebug: Implement bdrv_refresh_filename()
Index(es):
- Date
- Thread