qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for-2.4 0/2] AioContext: fix deadlock after aio_

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH for-2.4 0/2] AioContext: fix deadlock after aio_context_acquire() race
Date: Tue, 28 Jul 2015 14:58:37 +0100 
On Tue, Jul 28, 2015 at 1:18 PM, Paolo Bonzini <address@hidden> wrote:
> I would prefer to fix them all in 2.4 and risk regressions, because the
> bugs are use-after-frees, i.e. pretty bad.

There may be existing use-after-free bugs but keep in mind there are
other common cases:
1. Never touch the QEMUBH again.  Simple leak.
2. Call qemu_bh_delete().  Leak but still not use-after-free, since
the QEMUBH is still allocated.

The only scenario where a real use-after-free occurs is when
qemu_bh_schedule() is called after the AioContext was freed.  We don't
need an assertion to detect that case, just assign bh->ctx = NULL to
cause a segfault if the AioContext is ever accessed again.

Stefan
reply via email to
[Prev in Thread] Current Thread [Next in Thread]