From: Stefan Hajnoczi
Date: Sat, 3 Feb 2018 07:16:18 +0100
Message-Id: <20180203061621.7033-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH v2 0/3] block/iscsi: fix ioctl cancel use-after-free
To: qemu-devel@nongnu.org
Cc: Felipe Franciosi, qemu-block@nongnu.org, Ronnie Sahlberg, Peter Lieven, Paolo Bonzini, Stefan Hajnoczi

v2:
 * It was unnecessary to avoid duplicate iscsi_schedule_bh() calls since this
   function already protects against duplicate calls internally [Stefan]

Patches 1 & 2 are cleanups.  Patch 3 fixes cancellation of ioctls.  Felipe
showed me a trace where an acb is cancelled and then completes twice.  The
second time around crashes QEMU.

Compile-tested only.

Felipe: Please let us know if this fixes the issue you are seeing.  Thanks!

Stefan Hajnoczi (3):
  block/iscsi: drop unused IscsiAIOCB->buf field
  block/iscsi: take iscsilun->mutex in iscsi_timed_check_events()
  block/iscsi: fix ioctl cancel use-after-free

 block/iscsi.c | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

-- 
2.14.3
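The failure the cover letter describes, an asynchronous request control block (acb) that is cancelled and is then "completed" again by events that arrive later, is easier to reason about with a small model. The C below is an added illustration written for this page; it is not QEMU code and does not reproduce the block/iscsi patch. The struct name Acb, the functions acb_schedule_bh, acb_run_bh and acb_transport_event, and the reference-count field are assumptions of the model. The one property taken from the cover letter is that scheduling the completion bottom half twice is a no-op; the model then shows that this alone does not keep the acb alive, and that a reference held by every party that may still signal the acb (issuer, in-flight I/O, pending abort) is what prevents the later events from touching released memory.

```c
/* Toy model of one asynchronous request control block (acb) that can be
 * signalled by several events after a cancel request.  Not QEMU code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct Acb {
    int refcnt;              /* one reference per party that may still touch the acb */
    bool bh_scheduled;       /* completion bottom half already queued */
    bool completed;          /* caller's completion callback already delivered */
    bool freed;              /* stands in for free(); real code would release memory */
    int status;              /* status reported to the caller (first event wins) */
    int completions;         /* how many times the caller's callback ran */
    int touches_after_free;  /* accesses after "free": each one is a use-after-free */
} Acb;

static void acb_unref(Acb *acb)
{
    if (--acb->refcnt == 0) {
        acb->freed = true;   /* last owner gone: release the acb */
    }
}

/* Idempotent scheduling: a second call is a no-op, so queueing the bottom
 * half twice cannot deliver two completions.  An access after release is
 * counted instead of dereferencing freed memory, so the model stays safe. */
static bool acb_schedule_bh(Acb *acb, int status)
{
    if (acb->freed) {
        acb->touches_after_free++;
        return false;
    }
    if (acb->bh_scheduled) {
        return false;
    }
    acb->bh_scheduled = true;
    acb->status = status;
    return true;
}

/* The bottom half: run the caller's callback exactly once. */
static void acb_run_bh(Acb *acb)
{
    if (acb->bh_scheduled && !acb->completed) {
        acb->completed = true;
        acb->completions++;
    }
}

/* An I/O completion or abort acknowledgement arriving from the transport.
 * holds_ref says whether this event source owns a reference it must drop. */
static void acb_transport_event(Acb *acb, int status, bool holds_ref)
{
    acb_schedule_bh(acb, status);
    if (holds_ref) {
        acb_unref(acb);
    }
}

/* Unguarded: only the issuer holds a reference.  After cancel completes and
 * the issuer lets go, the still-pending I/O completion and abort ack land on
 * a released acb. */
static Acb scenario_unguarded(void)
{
    Acb acb = { .refcnt = 1 };
    acb_schedule_bh(&acb, -ECANCELED);         /* cancel request */
    acb_run_bh(&acb);                          /* caller sees one completion */
    acb_unref(&acb);                           /* issuer drops its reference: freed */
    acb_transport_event(&acb, -EIO, false);    /* late I/O completion: use-after-free */
    acb_transport_event(&acb, 0, false);       /* abort task ack: use-after-free */
    return acb;
}

/* Guarded: the in-flight I/O and the pending abort each hold a reference, so
 * the acb is released only after the last event has been delivered. */
static Acb scenario_guarded(void)
{
    Acb acb = { .refcnt = 2 };                 /* issuer + in-flight I/O */
    acb_schedule_bh(&acb, -ECANCELED);         /* cancel request */
    acb.refcnt++;                              /* abort task sent: its ack will unref */
    acb_run_bh(&acb);                          /* caller sees one completion */
    acb_unref(&acb);                           /* issuer drops its reference */
    acb_transport_event(&acb, -EIO, true);     /* late I/O completion: duplicate, ignored */
    acb_transport_event(&acb, 0, true);        /* abort task ack: last reference, freed */
    return acb;
}

int main(void)
{
    Acb u = scenario_unguarded(), g = scenario_guarded();
    printf("unguarded: completions=%d touches_after_free=%d\n",
           u.completions, u.touches_after_free);
    printf("guarded:   completions=%d touches_after_free=%d freed=%d\n",
           g.completions, g.touches_after_free, g.freed);
    return 0;
}
```

Both scenarios deliver exactly one completion to the caller, which is the point of an idempotent bottom half. Only the guarded variant also keeps the acb alive until the transport has delivered every event that can still name it; that ordering, not the duplicate-call check, is what turns a use-after-free into a harmless late no-op.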