From: Kevin Wolf <kwolf@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com
Subject: [Qemu-devel] [PULL 15/29] virtio-blk: fix reference a pointer which might be freed
Date: Fri, 22 Aug 2014 16:51:39 +0200
Message-ID: <1408719113-5316-16-git-send-email-kwolf@redhat.com>
In-Reply-To: <1408719113-5316-1-git-send-email-kwolf@redhat.com>
From: zhanghailiang <zhang.zhanghailiang@huawei.com>
In function virtio_blk_handle_request, it may free memory pointed to by req,
so do not access members of req after calling this function.
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/block/virtio-blk.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 302c39e..d9167ce 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -469,8 +469,9 @@ static void virtio_blk_dma_restart_bh(void *opaque)
s->rq = NULL;
while (req) {
+ VirtIOBlockReq *next = req->next;
virtio_blk_handle_request(req, &mrb);
- req = req->next;
+ req = next;
}
virtio_submit_multiwrite(s->bs, &mrb);
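Review bot: The new `VirtIOBlockReq *next = req->next;` at the top of the loop body has no comment saying why the temporary is needed, so a later cleanup could fold it back into `req = req->next;` after the call and reintroduce the read of freed memory. A one-line comment there, noting that virtio_blk_handle_request() may free req and that req must not be dereferenced afterwards, would keep the ordering constraint visible in the code rather than only in the commit message. The commit message could also name the path on which req is freed, which would help reviewers of the stable backport judge how reachable the stale read is.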
--
1.8.3.1