[Qemu-devel] AIO error case
From: Nishanth Aravamudan
Subject: [Qemu-devel] AIO error case
Date: Tue, 22 May 2018 15:01:46 -0700
Hi!
I'm tracking an error case in the native AIO path, and was wondering if
there was a latent (albeit possibly hard to hit) bug. Specifically
util/async.c::aio_get_linux_aio:
#ifdef CONFIG_LINUX_AIO
LinuxAioState *aio_get_linux_aio(AioContext *ctx)
{
    if (!ctx->linux_aio) {
        ctx->linux_aio = laio_init();
        laio_attach_aio_context(ctx->linux_aio, ctx);
    }
    return ctx->linux_aio;
}
#endif
laio_init() can in certain conditions return NULL, but that's not checked
here and then the NULL result is passed directly into
laio_attach_aio_context, which dereferences it without checking that the
pointer is valid.
I'm not sure what is appropriate if laio_init() returns NULL; returning
NULL back to the caller of aio_get_linux_aio() has its own issues, because
those callers don't seem to check its return value either.
Thanks in advance!
-Nish
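An added C model of the pattern described in the post (example code, not QEMU's and not the poster's): the types, the laio_init()/laio_attach_aio_context() stand-ins and the failure knob are hypothetical and constructed here, so the file runs stand-alone. The getter checks the init result before attaching and propagates NULL, and the caller handles it instead of dereferencing.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for QEMU's types (not QEMU's definitions). */
typedef struct LinuxAioState { int attached; } LinuxAioState;
typedef struct AioContext { LinuxAioState *linux_aio; } AioContext;

/* Constructed knob so the example can exercise the NULL-return path. */
static bool simulate_init_failure = false;

/* Stand-in for laio_init(): may return NULL, as the post describes. */
static LinuxAioState *laio_init(void)
{
    if (simulate_init_failure) {
        return NULL;
    }
    return calloc(1, sizeof(LinuxAioState)); /* calloc can also yield NULL */
}

/* Stand-in for laio_attach_aio_context(): dereferences s unconditionally. */
static void laio_attach_aio_context(LinuxAioState *s, AioContext *ctx)
{
    (void)ctx;
    s->attached = 1;
}

/* Hardened getter: never hands a NULL state to the attach routine. */
LinuxAioState *aio_get_linux_aio_checked(AioContext *ctx)
{
    if (!ctx->linux_aio) {
        LinuxAioState *s = laio_init();
        if (!s) {
            return NULL;            /* propagate; ctx stays uninitialised */
        }
        laio_attach_aio_context(s, ctx);
        ctx->linux_aio = s;
    }
    return ctx->linux_aio;
}

/* Caller-side handling: 0 on success, -1 when native AIO is unavailable
 * (the caller would then report the error or use a fallback path). */
int open_with_native_aio(AioContext *ctx)
{
    LinuxAioState *s = aio_get_linux_aio_checked(ctx);
    if (!s) {
        return -1;
    }
    return s->attached ? 0 : -1;
}
```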