From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:47852)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1UVNiL-00069Q-Bb
	for qemu-devel@nongnu.org; Thu, 25 Apr 2013 11:04:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1UVNiG-0003l6-JX
	for qemu-devel@nongnu.org; Thu, 25 Apr 2013 11:04:01 -0400
Received: from mx1.redhat.com ([209.132.183.28]:3040)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1UVNiG-0003ko-Az
	for qemu-devel@nongnu.org; Thu, 25 Apr 2013 11:03:56 -0400
Message-ID: <517945D7.9020105@redhat.com>
Date: Thu, 25 Apr 2013 09:03:51 -0600
From: Eric Blake <eblake@redhat.com>
MIME-Version: 1.0
References: <1366898367-22166-1-git-send-email-kwolf@redhat.com>
In-Reply-To: <1366898367-22166-1-git-send-email-kwolf@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="----enig2HBUFLBIGNKBRQTEUQLQE"
Subject: Re: [Qemu-devel] [PATCH] rbd: Fix use after free in rbd_open()
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>
Cc: josh.durgin@inktank.com, Oliver.Francke@filoo.de, qemu-devel@nongnu.org, stefanha@redhat.com

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2HBUFLBIGNKBRQTEUQLQE
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 04/25/2013 07:59 AM, Kevin Wolf wrote:
> Commit 56d1b4d2 frees the QemuOpts for the driver-specific options

It looks like commit a9ccedc3d was the real culprit that introduced the
problem into rbd.c, but that the problem was latent (thanks to reference
counting) until 56d1b4d2 later moved its qdict_del earlier in block.c.

Oops, both commits bear my review tag, which means I missed this the
first time around.

> immediately, even though it still needs the filename string that is
> contained there. This doesn't work. Move the deletion of the QemuOpts t=
o
> the end of the function where its content isn't needed any more.
>=20
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
>  block/rbd.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


------enig2HBUFLBIGNKBRQTEUQLQE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJReUXXAAoJEKeha0olJ0NqyWMIAIgOV4mVM8UX0ZhFBincXTac
3CsnFq3eJL7x6YsWEbrF2UZW1QtP3hvGnWyFnV1Au3a/QG79EFRL15WA6Ryx7p4p
FrCnq11mcpQ5dTSA5db1w1PYjLzQAwwwoulRxa6bPSozAwx8nTaDgJ5jK4VaktS2
cbBUV4iGr1s1Ux/RBINVu6qVze5sX60q8mIf05WMzQWXyE9ZediuIRn6+4dszDM/
J5UVb/0AWdOJDSPok7cYDvNPgM22jUgx4xKwULc+VglVwviAm3gERtshPWs960XX
Yqdit5A8RlfGbrjIta1dQ6cYs5+9TikCxuIBYCrvKHaveUi+GGRW9KQh/meFh98=
=g91+
-----END PGP SIGNATURE-----

------enig2HBUFLBIGNKBRQTEUQLQE--