Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()
From: jsli
Subject: Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()
Date: Fri, 30 Jun 2017 19:02:18 +0800
On 2017-06-29 05:12, Marc-André Lureau <address@hidden> wrote:
> Hi
>
> On Fri, Jun 23, 2017 at 6:28 AM Jia-Shiun Li <address@hidden> wrote:
> > In commit 9e0bc24f dev->log_size was reset to zero too early before
> > syncing vhost log. It causes syncing to be skipped.
>
> ooch, I guess I didn't realize it was also accessing dev->log_size when
> taking dev->log in local variable.
> I wonder why the code is written this way, it looks like the function may be
> reentered. For consistency, and perhaps for the reentering case, I would use
> a local log_size variable too.
> Btw, how did you find this regression?
>
Ok, it makes sense to prevent reentering. Will regenerate patch.
We are trying to do vhost-scsi migration, and found it to cause
data inconsistency migrating an I/O stressed guest.
-Jia-Shiun
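The ordering problem discussed in this thread, modeled in C as an added example (this is a constructed model, not QEMU's vhost code and not the patch under review): a cleanup routine that zeroes dev->log_size before the sync reads it, beside the ordering Marc-André suggests, where both the log pointer and its size are snapshotted into locals before the device state is cleared. The types and function names (vhost_dev, vhost_log, model_sync, log_put_buggy, log_put_fixed, run_scenario) are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the device/log state; not QEMU's real structures. */
struct vhost_log { uint64_t size; bool released; };
struct vhost_dev { struct vhost_log *log; uint64_t log_size; };

/* Stand-in for the range sync: the number of dirty bits walked depends on
 * the size it is handed, so a size of zero means the sync is skipped. */
static uint64_t model_sync(struct vhost_log *log, uint64_t log_size)
{
    (void)log;
    return log_size * sizeof(uint64_t) * 8;
}

/* Buggy ordering: dev->log_size is cleared, then the sync reads it (as 0). */
static uint64_t log_put_buggy(struct vhost_dev *dev, bool sync)
{
    struct vhost_log *log = dev->log;
    if (!log) return 0;
    dev->log = NULL;
    dev->log_size = 0;                 /* too early: sync below sees 0 */
    uint64_t synced = sync ? model_sync(log, dev->log_size) : 0;
    log->released = true;              /* log is torn down after the sync */
    return synced;
}

/* Fixed ordering: snapshot both fields first, clear the device state so a
 * reentrant call finds nothing to release, then sync from the locals. */
static uint64_t log_put_fixed(struct vhost_dev *dev, bool sync)
{
    struct vhost_log *log = dev->log;
    uint64_t log_size = dev->log_size;
    if (!log) return 0;
    dev->log = NULL;
    dev->log_size = 0;
    uint64_t synced = sync ? model_sync(log, log_size) : 0;
    log->released = true;
    return synced;
}

/* Runs one teardown with a 4-entry log, then a second (reentrant-style)
 * call that must be a no-op; returns the total number of bits synced. */
static uint64_t run_scenario(bool use_fixed)
{
    struct vhost_log log = { .size = 4, .released = false };
    struct vhost_dev dev = { .log = &log, .log_size = 4 };
    uint64_t n = use_fixed ? log_put_fixed(&dev, true) : log_put_buggy(&dev, true);
    n += use_fixed ? log_put_fixed(&dev, true) : log_put_buggy(&dev, true);
    return n;
}
```

With the buggy ordering the sync walks zero bits, which is the skipped sync reported in the patch description; with the locals it walks the full 4 * 64 = 256 bits and the second call is safely a no-op.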