Re: [Qemu-block] [PATCH 1/2] commit: Fix use after free in completion

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH 1/2] commit: Fix use after free in completion

From:	Kevin Wolf
Subject:	Re: [Qemu-block] [PATCH 1/2] commit: Fix use after free in completion
Date:	Fri, 9 Jun 2017 13:45:47 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

Am 02.06.2017 um 23:12 hat Kevin Wolf geschrieben:
> The final bdrv_set_backing_hd() could be working on already freed nodes
> because the commit job drops its references (through BlockBackends) to
> both overlay_bs and top already a bit earlier.
> 
> One way to trigger the bug is hot unplugging a disk for which
> blockdev_mark_auto_del() cancels the block job.
> 
> Fix this by taking BDS-level references while we're still using the
> nodes.
> 
> Signed-off-by: Kevin Wolf <address@hidden>

Cc: address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-block] [PATCH 0/2] commit: Fix use after free in completion, Kevin Wolf, 2017/06/02
- [Qemu-block] [PATCH 1/2] commit: Fix use after free in completion, Kevin Wolf, 2017/06/02
  - Re: [Qemu-block] [PATCH 1/2] commit: Fix use after free in completion, Kevin Wolf <=
- [Qemu-block] [PATCH 2/2] qemu-iotests: Test automatic commit job cancel on hot unplug, Kevin Wolf, 2017/06/02
- Re: [Qemu-block] [PATCH 0/2] commit: Fix use after free in completion, John Snow, 2017/06/02

Prev by Date: Re: [Qemu-block] [Qemu-devel] [PATCH] nbd: Fix regression on resiliency to port scan
Next by Date: [Qemu-block] [PATCH 0/3] commit: Fix completion with extra reference
Previous by thread: [Qemu-block] [PATCH 1/2] commit: Fix use after free in completion
Next by thread: [Qemu-block] [PATCH 2/2] qemu-iotests: Test automatic commit job cancel on hot unplug
Index(es):
- Date
- Thread