Re: [PATCH] block: Fix use after free in blockdev_mark_auto

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] block: Fix use after free in blockdev_mark_auto_del()

From:	Stefan Hajnoczi
Subject:	Re: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
Date:	Wed, 3 May 2023 12:01:00 -0400

On Wed, May 03, 2023 at 04:01:42PM +0200, Kevin Wolf wrote:
> job_cancel_locked() drops the job list lock temporarily and it may call
> aio_poll(). We must assume that the list has changed after this call.
> Also, with unlucky timing, it can end up freeing the job during
> job_completed_txn_abort_locked(), making the job pointer invalid, too.
> 
> For both reasons, we can't just continue at block_job_next_locked(job).
> Instead, start at the head of the list again after job_cancel_locked()
> and skip those jobs that we already cancelled (or that are completing
> anyway).
> 
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
>  blockdev.c | 18 ++++++++++++++----
>  1 file changed, 14 insertions(+), 4 deletions(-)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] block: Fix use after free in blockdev_mark_auto_del(), Kevin Wolf, 2023/05/03
- Re: [PATCH] block: Fix use after free in blockdev_mark_auto_del(), Stefan Hajnoczi <=

Prev by Date: Re: [PATCH] block/blkio: add 'fd' option to virtio-blk-vhost-vdpa driver
Next by Date: [PATCH] iotests/nbd-reconnect-on-open: Fix NBD socket path
Previous by thread: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
Next by thread: Re: [PULL 11/18] migration: Create migrate_block_bitmap_mapping() function
Index(es):
- Date
- Thread