Subject: Re: [Qemu-devel] [PATCH 1/3] coroutine: Fix use after free with qemu_coroutine_yield()
From: Kevin Wolf
Date: Fri, 20 Feb 2015 16:05:01 +0100
User-agent: Mutt/1.5.21 (2010-09-15)
On 10.02.2015 at 11:41, Kevin Wolf wrote:
> Instead of using the same function for entering and exiting coroutines,
> and hoping that it doesn't add any functionality that hurts with the
> parameters used for exiting, we can just directly call into the real
> task switch in qemu_coroutine_switch().
>
> This fixes a use-after-free scenario where reentering a coroutine that
> has yielded still accesses the old parent coroutine (which may have
> meanwhile terminated) in the part of coroutine_swap() that follows
> qemu_coroutine_switch().
>
> Signed-off-by: Kevin Wolf <address@hidden>
Cc: address@hidden
Thanks to Peter for noticing that I forgot this.
Kevin
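The scenario in the quoted commit message, as an added example that is neither QEMU's code nor part of this message: a toy coroutine runtime on ucontext whose yield path goes through a shared enter/exit helper (co_swap) that keeps working on the coroutine it switched to after the switch returns. A worker yields to its parent, the parent terminates and is deleted, and the main context re-enters the worker, which resumes inside co_swap's tail and touches the deleted parent. The same scenario with yield calling the real switch directly (co_switch) touches nothing. All names here (Co, co_switch, co_swap, co_enter, co_yield, run_scenario, the bookkeeping counter) are assumptions of the example, not QEMU identifiers; a deleted coroutine is only marked dead and stays allocated until the scenario ends, so the bad access can be counted instead of being undefined behaviour.

```c
/* Toy coroutine runtime on ucontext, modelling the yield bug the commit message
 * describes. Not QEMU code: every name here (Co, co_switch, co_swap, co_yield,
 * run_scenario, ...) is an assumption of this example. Linux/glibc ucontext. */
#include <stdbool.h>
#include <stdlib.h>
#include <ucontext.h>

enum action { ACT_YIELD, ACT_TERMINATE };

typedef struct Co {
    ucontext_t uc;
    struct Co *caller;      /* who entered us; cleared on yield */
    void (*entry)(void);
    bool alive;             /* false once deleted; memory kept so the bad access is countable */
    int bookkeeping;        /* stands in for work done on a coroutine after a switch */
    char stack[64 * 1024];
} Co;

static Co main_co = { .alive = true };  /* the thread's main context */
static Co *current = &main_co;
static enum action last_action;
static bool use_direct_yield;   /* false: yield through co_swap (buggy); true: fixed */
static int dead_accesses;       /* post-switch accesses to a deleted coroutine */
static Co *g_worker;

/* The real task switch: save `from`, resume `to`, and say why. Returns the
 * action reported by whoever later switches back into `from`. */
static enum action co_switch(Co *from, Co *to, enum action act) {
    last_action = act;
    current = to;
    swapcontext(&from->uc, &to->uc);
    return last_action;
}

/* Shared enter/exit helper of the kind the patch takes out of the yield path:
 * after the switch returns it still works on `to`, assuming `to` is alive. */
static void co_swap(Co *from, Co *to) {
    enum action ret = co_switch(from, to, ACT_YIELD);
    if (to->alive) to->bookkeeping++;
    else dead_accesses++;                       /* a real runtime reads freed memory here */
    if (ret == ACT_TERMINATE) to->alive = false; /* "free" the terminated coroutine */
}

static void co_enter(Co *co) {
    co->caller = current;
    co_swap(current, co);
}

static void co_yield(void) {
    Co *self = current;
    Co *to = self->caller;
    self->caller = NULL;
    if (use_direct_yield) co_switch(self, to, ACT_YIELD); /* fixed: `to` untouched on resume */
    else co_swap(self, to);                                /* buggy: resumes into co_swap's tail */
}

static void trampoline(void) {
    Co *self = current;
    self->entry();
    co_switch(self, self->caller, ACT_TERMINATE);   /* never returns */
}

static Co *co_new(void (*entry)(void)) {
    Co *co = calloc(1, sizeof *co);
    co->entry = entry;
    co->alive = true;
    getcontext(&co->uc);
    co->uc.uc_stack.ss_sp = co->stack;
    co->uc.uc_stack.ss_size = sizeof co->stack;
    makecontext(&co->uc, trampoline, 0);
    return co;
}

static void worker_entry(void) { co_yield(); }          /* yields once, then ends */
static void parent_entry(void) { co_enter(g_worker); }  /* enters worker, then ends */

/* The commit message's scenario: worker yields to parent, parent terminates
 * and is deleted, main re-enters worker. Returns accesses to the dead parent. */
int run_scenario(bool direct_yield) {
    use_direct_yield = direct_yield;
    dead_accesses = 0;
    g_worker = co_new(worker_entry);
    Co *parent = co_new(parent_entry);
    co_enter(parent);     /* parent -> worker -> yield -> parent terminates */
    co_enter(g_worker);   /* worker resumes; its old caller is already deleted */
    int result = dead_accesses;
    free(parent);         /* both coroutines have terminated by now */
    free(g_worker);
    return result;
}
```

run_scenario(false) returns 1: the resumed worker, still inside co_swap, reads the parent that was deleted when it terminated. run_scenario(true) returns 0, because a yield that calls the switch directly has nothing left to do with its old caller once it is resumed, which is the point of the patch.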
[Qemu-devel] [PATCH 3/3] test-coroutine: Regression test for yield bug, Kevin Wolf, 2015/02/10
Re: [Qemu-devel] [PATCH 0/3] coroutine: Fix qemu_coroutine_yield(), Kevin Wolf, 2015/02/16