[Qemu-devel] AIO error case

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] AIO error case

From:	Nishanth Aravamudan
Subject:	[Qemu-devel] AIO error case
Date:	Tue, 22 May 2018 15:01:46 -0700

Hi!

I'm tracking an error case in the native AIO path, and was wondering if
there was a latent (albeit possibly hard to hit) bug. Specifically
util/async.c::aio_get_linux_aio:

#ifdef CONFIG_LINUX_AIO
LinuxAioState *aio_get_linux_aio(AioContext *ctx)
{
    if (!ctx->linux_aio) {
        ctx->linux_aio = laio_init();
        laio_attach_aio_context(ctx->linux_aio, ctx);
    }
    return ctx->linux_aio;
}
#endif

laio_init() can in certain conditions return NULL, but that's not checked
here and then the NULL result is passed directly into
laio_attach_aio_context, which dereferences it without checking that the
pointer is valid.

I'm not sure what is appropriate if laio_init() returns NULL, returning
NULL back to the caller of aio_get_linux_aio() has its own issues, because
those callers don't seem to check its return value either.

Thanks in advance!
-Nish

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] AIO error case, Nishanth Aravamudan <=
- Re: [Qemu-devel] AIO error case, John Snow, 2018/05/23
  - Re: [Qemu-devel] AIO error case, Nishanth Aravamudan, 2018/05/23
    - Re: [Qemu-devel] AIO error case, John Snow, 2018/05/23

Prev by Date: Re: [Qemu-devel] [PATCH 2/2] sheepdog: remove huge BSS object
Next by Date: Re: [Qemu-devel] storing machine data in qcow images?
Previous by thread: [Qemu-devel] [PATCH v1 00/30] QEMU 2.13 RISC-V updates
Next by thread: Re: [Qemu-devel] AIO error case
Index(es):
- Date
- Thread