* [Qemu-devel] [PATCH master/stable] virtio-mlk: fix use-after-free while handling scsi commands
@ 2012-08-06 12:49 Avi Kivity
From: Avi Kivity @ 2012-08-06 12:49 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-devel
The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.
Reprducible by running a guest with aio=native on a block device.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
---
hw/virtio-blk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index f21757e..552b3b6 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
virtio_blk_req_complete(req, status);
g_free(req);
+ return;
#else
abort();
#endif
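Review bot: the bare `return;` after `g_free(req)` is correct but carries no explanation, and the hunk's context does not show the failure path it skips, so a later reader cleaning up the `#ifdef` block could drop it and reintroduce the use-after-free. Suggest a one-line comment ahead of it, e.g. `/* req is freed; do not fall through to the failure path */`, and, since this is tagged for stable, a sentence in the commit message naming the path that was being reached after `#endif`. The `#else abort();` branch is unaffected by the change.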
--
1.7.11.3
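The bug class in the commit message, completing and freeing a request and then falling through into a failure path that touches it again, is easy to see in a reduced model. The following is an added illustration, not QEMU code and not from the patch author: `Req`, `req_complete`, `req_free` and the two `handle_scsi_*` handlers are hypothetical stand-ins, the failure path is assumed to report an error status and free the request, and `req_free` marks the request instead of calling `free()` so the post-free accesses can be counted deterministically rather than relying on a crash.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Compile-time switch mirroring the #ifdef in the original handler. */
#ifndef SCSI_PASSTHROUGH
#define SCSI_PASSTHROUGH 1
#endif

/* Hypothetical, stripped-down request; not QEMU's VirtIOBlockReq. */
typedef struct {
    int  status;
    bool freed;          /* set by req_free(); stands in for a real free() */
    int  uaf_touches;    /* writes to the request after it was freed */
    int  double_frees;   /* req_free() calls on an already freed request */
} Req;

/* Complete the request (in the real device: write status back to the guest). */
static void req_complete(Req *req, int status)
{
    if (req->freed) {
        req->uaf_touches++;   /* this write would be a use-after-free */
    }
    req->status = status;
}

/* Release the request. Marked rather than freed so the bug stays observable. */
static void req_free(Req *req)
{
    if (req->freed) {
        req->double_frees++;  /* this would be a double free */
    }
    req->freed = true;
}

/* Buggy shape: the success path completes and frees, then falls through. */
static void handle_scsi_buggy(Req *req)
{
#if SCSI_PASSTHROUGH
    req_complete(req, 0);
    req_free(req);
    /* no return here: control continues into the failure path below */
#else
    abort();
#endif
    /* failure path (assumed): report an error and release the request */
    req_complete(req, 1);
    req_free(req);
}

/* Fixed shape: return right after freeing, as the one-line patch does. */
static void handle_scsi_fixed(Req *req)
{
#if SCSI_PASSTHROUGH
    req_complete(req, 0);
    req_free(req);
    return;                   /* req is gone; never touch it again */
#else
    abort();
#endif
    req_complete(req, 1);
    req_free(req);
}

/* Run one handler on a fresh request and return how many times it touched
 * the request after freeing it (use-after-free writes plus double frees). */
static int post_free_accesses(bool use_fixed)
{
    Req req = { 0 };
    if (use_fixed) {
        handle_scsi_fixed(&req);
    } else {
        handle_scsi_buggy(&req);
    }
    return req.uaf_touches + req.double_frees;
}

int main(void)
{
    printf("buggy handler: %d post-free accesses\n", post_free_accesses(false));
    printf("fixed handler: %d post-free accesses\n", post_free_accesses(true));
    return 0;
}
```

The marking allocator is the same idea a poisoning or quarantining allocator (or ASan) applies at scale: keep freed objects identifiable so the first post-free touch is reported at the point of use rather than as an unrelated crash later, which is what makes a fall-through like this one reproducible on demand instead of only under a particular I/O backend.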
* Re: [Qemu-devel] [PATCH master/stable] virtio-mlk: fix use-after-free while handling scsi commands
From: Stefan Hajnoczi @ 2012-08-06 13:11 UTC (permalink / raw)
To: Avi Kivity; +Cc: Kevin Wolf, qemu-devel
On Mon, Aug 6, 2012 at 1:49 PM, Avi Kivity <avi@redhat.com> wrote:
> The scsi passthrough handler falls through after completing a
> request into the failure path, resulting in a use after free.
>
> Reprducible by running a guest with aio=native on a block device.
>
> Reported-by: Stefan Priebe <s.priebe@profihost.ag>
> Signed-off-by: Avi Kivity <avi@redhat.com>
> ---
> hw/virtio-blk.c | 1 +
> 1 file changed, 1 insertion(+)
It would be nice to fix up the commit message:
s/virtio-mlk/virtio-blk/
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* Re: [Qemu-devel] [PATCH master/stable] virtio-mlk: fix use-after-free while handling scsi commands
From: Avi Kivity @ 2012-08-06 13:14 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: Kevin Wolf, qemu-devel
On 08/06/2012 04:11 PM, Stefan Hajnoczi wrote:
> On Mon, Aug 6, 2012 at 1:49 PM, Avi Kivity <avi@redhat.com> wrote:
>> The scsi passthrough handler falls through after completing a
>> request into the failure path, resulting in a use after free.
>>
>> Reprducible by running a guest with aio=native on a block device.
>>
>> Reported-by: Stefan Priebe <s.priebe@profihost.ag>
>> Signed-off-by: Avi Kivity <avi@redhat.com>
>> ---
>> hw/virtio-blk.c | 1 +
>> 1 file changed, 1 insertion(+)
>
> It would be nice to fix up the commit message:
> s/virtio-mlk/virtio-blk/
Sorry, an off-by-two. Presumably Kevin will fix it up.
>
> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
>
Thanks.
--
error compiling committee.c: too many arguments to function
* Re: [Qemu-devel] [PATCH master/stable] virtio-mlk: fix use-after-free while handling scsi commands
From: Andreas Färber @ 2012-08-06 14:21 UTC (permalink / raw)
To: Avi Kivity, Kevin Wolf; +Cc: Stefan Hajnoczi, qemu-devel
On 06.08.2012 15:11, Stefan Hajnoczi wrote:
> On Mon, Aug 6, 2012 at 1:49 PM, Avi Kivity <avi@redhat.com> wrote:
>> The scsi passthrough handler falls through after completing a
>> request into the failure path, resulting in a use after free.
>>
>> Reprducible by running a guest with aio=native on a block device.
While at it, also "Reproducible".
/-F
>>
>> Reported-by: Stefan Priebe <s.priebe@profihost.ag>
>> Signed-off-by: Avi Kivity <avi@redhat.com>
>> ---
>> hw/virtio-blk.c | 1 +
>> 1 file changed, 1 insertion(+)
>
> It would be nice to fix up the commit message:
> s/virtio-mlk/virtio-blk/
>
> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg