All of lore.kernel.org
 help / color / mirror / Atom feed
From: Kevin Wolf <kwolf@redhat.com>
To: Hikaru Nishida <hikarupsp@gmail.com>
Cc: qemu-devel@nongnu.org, "open list:vvfat" <qemu-block@nongnu.org>,
	Max Reitz <mreitz@redhat.com>
Subject: Re: [PATCH] block/vvfat: Do not unref qcow on closing backing bdrv
Date: Fri, 14 Feb 2020 14:12:22 +0100	[thread overview]
Message-ID: <20200214131222.GC5443@linux.fritz.box> (raw)
In-Reply-To: <20200209175156.85748-1-hikarupsp@gmail.com>

Am 09.02.2020 um 18:51 hat Hikaru Nishida geschrieben:
> Before this commit, BDRVVVFATState.qcow is unrefed in write_target_close
> on closing backing bdrv of vvfat. However, qcow bdrv is opend as a child
> of vvfat in enable_write_target() so it will be also unrefed on closing
> vvfat itself. This causes use-after-free of qcow on freeing vvfat which
> has backing bdrv and qcow bdrv as children in this order because
> bdrv_close(vvfat) tries to free qcow bdrv after freeing backing bdrv
> as QLIST_FOREACH_SAFE() loop keeps next pointer, but BdrvChild of qcow
> is already freed in bdrv_close(backing bdrv).
> 
> Signed-off-by: Hikaru Nishida <hikarupsp@gmail.com>

Thanks, applied to the block branch.

Kevin



      reply	other threads:[~2020-02-14 13:13 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-09 17:51 [PATCH] block/vvfat: Do not unref qcow on closing backing bdrv Hikaru Nishida
2020-02-14 13:12 ` Kevin Wolf [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200214131222.GC5443@linux.fritz.box \
    --to=kwolf@redhat.com \
    --cc=hikarupsp@gmail.com \
    --cc=mreitz@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.