Subject: [Qemu-devel] [PULL 01/69] coroutine: Fix use after free with qemu_coroutine_yield()
From: Stefan Hajnoczi
Date: Fri, 27 Feb 2015 18:17:59 +0000
From: Kevin Wolf <address@hidden>
Instead of using the same function for entering and exiting coroutines,
and hoping that it doesn't add any functionality that hurts with the
parameters used for exiting, we can just directly call into the real
task switch in qemu_coroutine_switch().
This fixes a use-after-free scenario where reentering a coroutine that
has yielded still accesses the old parent coroutine (which may have
meanwhile terminated) in the part of coroutine_swap() that follows
qemu_coroutine_switch().
Cc: address@hidden
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
---
qemu-coroutine.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qemu-coroutine.c b/qemu-coroutine.c
index 525247b..5019b81 100644
--- a/qemu-coroutine.c
+++ b/qemu-coroutine.c
@@ -148,5 +148,5 @@ void coroutine_fn qemu_coroutine_yield(void)
}
self->caller = NULL;
- coroutine_swap(self, to);
+ qemu_coroutine_switch(self, to, COROUTINE_YIELD);
}
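Review bot: the return value of qemu_coroutine_switch() is discarded on the new line, and the hunk alone does not show why that is acceptable; the commit message says the danger is in what coroutine_swap() did with the old parent after the switch returned, so a one-line comment above `qemu_coroutine_switch(self, to, COROUTINE_YIELD);` stating that nothing may touch `to` (or any result of the switch) once this coroutine is resumed, because the parent may already have terminated, would keep the next reader from reintroducing the same post-switch access. A regression test in test-coroutine that yields, lets the parent terminate, and re-enters the coroutine would pin the fix down.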
--
2.1.0