[Qemu-devel] [PATCH v3 0/2] linux-aio: fix two NULL pointer dereferences


From: Nishanth Aravamudan
Subject: [Qemu-devel] [PATCH v3 0/2] linux-aio: fix two NULL pointer dereferences in failure paths
Date: Thu, 21 Jun 2018 15:21:41 -0700

laio_init() can fail for a couple of reasons, which will lead to a NULL
pointer dereference in laio_attach_aio_context(), called from
aio_get_linux_aio().

Test case 1:
    Set /proc/sys/fs/max-aio-nr to 0. Start a guest with an aio=native
    disk.

    Result: laio_init() returns NULL due to not being able to allocate
    any AIO contexts. This NULL is assigned to ctx->linux_aio and
    dereferenced in aio_get_linux_aio.

Test case 2:
    Set /proc/sys/fs/max-aio-nr to 128. Start a guest with an aio=native
    disk and one in-use I/O thread.

    Result: laio_init() returns NULL due to not being able to allocate
    additional AIO contexts for the I/O thread. This NULL is assigned to
    ctx->linux_aio and dereferenced in aio_get_linux_aio.

Thanks to Jon Snow, Eric Blake and Kevin Wolf for review comments on v1
and v2.

Nishanth Aravamudan (2):
  linux-aio: properly bubble up errors from initialization
  file-posix: reconfigure aio on iothread start

 block/file-posix.c      | 33 ++++++++++++++++++++++++++++-----
 block/linux-aio.c       | 15 ++++++++++-----
 include/block/aio.h     |  3 +++
 include/block/raw-aio.h |  2 +-
 stubs/linux-aio.c       |  2 +-
 util/async.c            | 16 +++++++++++++---
 6 files changed, 56 insertions(+), 15 deletions(-)

-- 
2.17.1
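The failure path the cover letter describes, as an added C example that is not part of this series or of QEMU's own code. LaioState, AioCtx, laio_init_checked() and aio_get_linux_aio_checked() are hypothetical stand-ins for QEMU's LinuxAioState / AioContext / laio_init() / aio_get_linux_aio(); they drive the real io_setup() syscall directly (no libaio) so that the unchecked and checked shapes can be compared. Because a test cannot lower the aio-max-nr sysctl, an oversized io_setup() request is used to stand in for an exhausted limit: the kernel rejects it just as it rejects a request once the limit is reached, and the point is the same, the NULL from a failed init must not be cached and dereferenced.

```c
/* Added example (hypothetical stand-ins for QEMU's linux-aio types and
 * functions; not QEMU code). Linux only: uses the raw io_setup() syscall. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Kernel AIO context handle (the kernel's aio_context_t is an unsigned long). */
typedef unsigned long kaio_ctx_t;

/* Stand-in for QEMU's LinuxAioState (hypothetical). */
typedef struct {
    kaio_ctx_t ctx;
    unsigned   nr_events;
} LaioState;

/* Stand-in for QEMU's AioContext: caches one LinuxAioState per context. */
typedef struct {
    LaioState *linux_aio;
} AioCtx;

/* io_setup() fails with EAGAIN once fs.aio-max-nr is exhausted (the cover
 * letter's two test cases); an oversized request fails with EINVAL instead.
 * Either way the caller must not treat the result as a usable state. */
static LaioState *laio_init_checked(unsigned nr_events, int *err)
{
    LaioState *s = calloc(1, sizeof(*s));
    if (!s) {
        *err = ENOMEM;
        return NULL;
    }
    s->nr_events = nr_events;
    if (syscall(SYS_io_setup, nr_events, &s->ctx) < 0) {
        *err = errno;          /* bubble the reason up instead of losing it */
        free(s);
        return NULL;
    }
    *err = 0;
    return s;
}

static void laio_cleanup(LaioState *s)
{
    if (s) {
        syscall(SYS_io_destroy, s->ctx);
        free(s);
    }
}

/* The shape the cover letter describes: the NULL from a failed init is
 * cached in ctx->linux_aio and then dereferenced. Kept for contrast only. */
__attribute__((unused))
static unsigned aio_get_linux_aio_unchecked(AioCtx *ctx, unsigned nr_events)
{
    int err;
    if (!ctx->linux_aio) {
        ctx->linux_aio = laio_init_checked(nr_events, &err);
    }
    return ctx->linux_aio->nr_events;   /* NULL pointer dereference on failure */
}

/* Hardened shape: return -errno, leave ctx->linux_aio NULL so a later call
 * cannot pick up a bogus state, and let the caller fall back or refuse to start. */
static int aio_get_linux_aio_checked(AioCtx *ctx, unsigned nr_events, LaioState **out)
{
    int err = 0;
    *out = NULL;
    if (!ctx->linux_aio) {
        ctx->linux_aio = laio_init_checked(nr_events, &err);
        if (!ctx->linux_aio) {
            return -err;
        }
    }
    *out = ctx->linux_aio;
    return 0;
}

int main(void)
{
    AioCtx ctx = { 0 };
    LaioState *s = NULL;
    int rc;

    /* Oversized request: stands in for an exhausted aio-max-nr. */
    rc = aio_get_linux_aio_checked(&ctx, 1u << 24, &s);
    printf("io_setup(2^24): rc=%d (%s), linux_aio=%p\n",
           rc, rc ? strerror(-rc) : "ok", (void *)ctx.linux_aio);

    /* QEMU-sized request (128 events); succeeds unless the limit is hit. */
    rc = aio_get_linux_aio_checked(&ctx, 128, &s);
    printf("io_setup(128): rc=%d (%s)\n", rc, rc ? strerror(-rc) : "ok");

    laio_cleanup(ctx.linux_aio);
    return 0;
}
```

Build with `cc -Wall example.c -o example` on Linux. Re-running the first call with `fs.aio-max-nr` set to 0 (as root, `sysctl -w fs.aio-max-nr=0`) reproduces the cover letter's test case 1 on the real limit: the checked path reports EAGAIN and leaves `ctx.linux_aio` NULL, whereas the unchecked shape would crash at the dereference.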