[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/2] zero pointer after bdrv_unref_child
|
From: |
Max Reitz |
|
Subject: |
Re: [PATCH 0/2] zero pointer after bdrv_unref_child |
|
Date: |
Mon, 23 Mar 2020 15:11:56 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 |
On 16.03.20 07:06, Vladimir Sementsov-Ogievskiy wrote:
> Hi all!
>
> I faced use-after-free of bs->backing pointer after bdrv_unref_child in
> bdrv_set_backing_hd.
>
> Fix it, and do similar thing for s->data_file in qcow2.c.
>
> I'm not sure that this is the full fix. Is it safe to keep bs->backing
> during bdrv_unref_child itself? Is it safe to keep bs->backing during
> all-child-unref loop in bdrv_close?
>
>
> Vladimir Sementsov-Ogievskiy (2):
> block: bdrv_set_backing_bs: fix use-after-free
> block/qcow2: zero data_file child after free
Thanks, applied to my block branch:
https://git.xanclic.moe/XanClic/qemu/commits/branch/block
Max
signature.asc
Description: OpenPGP digital signature