Re: [Qemu-stable] [PATCH 1/2] commit: Fix use after free in completion

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-stable] [PATCH 1/2] commit: Fix use after free in completion

From:	Kevin Wolf
Subject:	Re: [Qemu-stable] [PATCH 1/2] commit: Fix use after free in completion
Date:	Fri, 9 Jun 2017 13:45:47 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

Am 02.06.2017 um 23:12 hat Kevin Wolf geschrieben:
> The final bdrv_set_backing_hd() could be working on already freed nodes
> because the commit job drops its references (through BlockBackends) to
> both overlay_bs and top already a bit earlier.
> 
> One way to trigger the bug is hot unplugging a disk for which
> blockdev_mark_auto_del() cancels the block job.
> 
> Fix this by taking BDS-level references while we're still using the
> nodes.
> 
> Signed-off-by: Kevin Wolf <address@hidden>

Cc: address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-stable] [PATCH 1/2] commit: Fix use after free in completion, Kevin Wolf <=

Prev by Date: [Qemu-stable] [PULL 1/5] s390x/css: catch section mismatch on load
Next by Date: Re: [Qemu-stable] [Qemu-devel] [PATCH] nbd: Fully initialize client in case of failed negotiation
Previous by thread: [Qemu-stable] [PULL 1/5] s390x/css: catch section mismatch on load
Next by thread: Re: [Qemu-stable] [Qemu-devel] [PATCH] nbd: Fully initialize client in case of failed negotiation
Index(es):
- Date
- Thread