From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 01/11] virtio-blk: fix use-after-free while handling scsi commands
Date: Fri, 10 Aug 2012 18:47:19 +0200	[thread overview]
Message-ID: <1344617249-6620-2-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1344617249-6620-1-git-send-email-kwolf@redhat.com>

From: Avi Kivity <avi@redhat.com>

The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.

Reproducible by running a guest with aio=native on a block device.

Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/virtio-blk.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index f21757e..552b3b6 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
 
     virtio_blk_req_complete(req, status);
     g_free(req);
+    return;
 #else
     abort();
 #endif
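Review bot: the bare `return;` added directly after `g_free(req)` is the right minimal fix, but sitting immediately before `#else` it reads as accidental and is easy to lose in a later edit that reshuffles the `#ifdef` block; suggest a one-line comment above it such as `/* success path finished: do not fall through to the failure label */`, and keep it inside the `#ifdef` arm as here so the `abort();` in the `#else` arm remains reachable on the non-Linux build. The fix also assumes nothing after `#endif` in this function touches `req` on the success path, which the hunk's context does not show; naming the failure label that was being reached (the "failure path" of the description) in the commit message would let a reader of the hunk see why `req` was used after the free.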
-- 
1.7.6.5

Thread overview: 16+ messages
2012-08-10 16:47 [Qemu-devel] [PULL 00/11] Block patches Kevin Wolf
2012-08-10 16:47 ` Kevin Wolf [this message]
2012-08-10 16:47 ` [Qemu-devel] [PATCH 02/11] ahci: Fix ahci cdrom read corruptions for reads > 128k Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 03/11] ahci: Fix sglist memleak in ahci_dma_rw_buf() Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 04/11] qemu-iotests: Save some sed processes Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 05/11] virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE Kevin Wolf
2012-08-12 20:47   ` Anthony Liguori
2012-08-10 16:47 ` [Qemu-devel] [PATCH 06/11] virtio-blk: disable write cache if not negotiated Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 07/11] blockdev: flip default cache mode from writethrough to writeback Kevin Wolf
2013-03-27 15:16   ` Artyom Tarasenko
2013-03-27 15:19     ` Paolo Bonzini
2012-08-10 16:47 ` [Qemu-devel] [PATCH 08/11] qed: mark image clean after repair succeeds Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 09/11] qcow2: " Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 10/11] block: add BLOCK_O_CHECK for qemu-img check Kevin Wolf
2012-08-10 16:47 ` [Qemu-devel] [PATCH 11/11] qemu-iotests: skip 039 with ./check -nocache Kevin Wolf
2012-08-12 18:14 ` [Qemu-devel] [PULL 00/11] Block patches Anthony Liguori
