Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()

From:	jsli
Subject:	Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()
Date:	Fri, 30 Jun 2017 19:02:18 +0800


On 2017-06-29 05:12, Marc-André Lureau<address@hidden>wrote:
> Hi
>   
> On Fri, Jun 23, 2017 at 6:28 AM Jia-Shiun 
> Li<address@hidden(mailto:address@hidden)>wrote:
> > In commit 9e0bc24f dev->log_size was reset to zero too early before
> > syncing vhost log. It causes syncing to be skipped.
>   
> ooch, I guess I didn't realize it was also accessing dev->log_size when 
> taking dev->log in local variable.
> I wonder why the code is written this way, it looks like the function may be 
> reentered. For consistency, and perhaps for the reentering case, I would use 
> a local log_size variable too.
> Btw, how did you find this regression?
>   
>   
>   

Ok, it makes sense to prevent reentering. Willregenerate patch.
We are trying to do vhost-scsi migration, and found it to cause 
datainconsistency migrating an i/o stressed guest.

-Jia-Shiun

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put(), Jia-Shiun Li, 2017/06/23
- Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put(), Marc-André Lureau, 2017/06/28
  - Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put(), jsli <=

Prev by Date: Re: [Qemu-devel] [PULL 0/2] hmp queue
Next by Date: Re: [Qemu-devel] [PULL 00/21] ppc-for-2.10 queue 20170730
Previous by thread: Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()
Next by thread: [Qemu-devel] [PATCH v5 00/10] migration: objectify MigrationState
Index(es):
- Date
- Thread