david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
QEMU-Nyx-fork/block
History
Kevin Wolf 19ebd13ed4 commit: Fix use after free in completion 
The final bdrv_set_backing_hd() could be working on already freed nodes
because the commit job drops its references (through BlockBackends) to
both overlay_bs and top already a bit earlier.

One way to trigger the bug is hot unplugging a disk for which
blockdev_mark_auto_del() cancels the block job.

Fix this by taking BDS-level references while we're still using the
nodes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-06-09 13:46:13 +02:00
..
accounting.c
block: Clean up includes
2016-01-20 13:36:23 +01:00
backup.c
blockjob: introduce block_job_early_fail
2017-05-24 16:38:51 -04:00
blkdebug.c
blkdebug: Add ability to override unmap geometries
2017-05-11 14:28:06 +02:00
blkreplay.c
block: Do not unref bs->file on error in BD's open
2017-04-27 16:12:13 +02:00
blkverify.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
block-backend.c
block: Fix anonymous BBs in blk_root_inactivate()
2017-06-09 11:45:03 +02:00
bochs.c
block: do not set BDS read_only if copy_on_read enabled
2017-04-24 15:09:33 -04:00
cloop.c
block: do not set BDS read_only if copy_on_read enabled
2017-04-24 15:09:33 -04:00
commit.c
commit: Fix use after free in completion
2017-06-09 13:46:13 +02:00
crypto.c
crypto: move 'opaque' parameter to (nearly) the end of parameter list
2017-05-09 14:41:47 +01:00
curl.c
curl: do not do aio_poll when waiting for a free CURLState
2017-05-16 10:34:50 -04:00
dirty-bitmap.c
block: More operations for meta dirty bitmap
2016-10-24 17:56:07 +02:00
dmg-bz2.c
dmg: Move libbz2 code to dmg-bz2.so
2016-10-07 14:14:06 +02:00
dmg.c
block: do not set BDS read_only if copy_on_read enabled
2017-04-24 15:09:33 -04:00
dmg.h
dmg: Move libbz2 code to dmg-bz2.so
2016-10-07 14:14:06 +02:00
file-posix.c
block/file-*: *_parse_filename() and colons
2017-05-29 15:39:54 +02:00
file-win32.c
block/file-*: *_parse_filename() and colons
2017-05-29 15:39:54 +02:00
gluster.c
gluster: add support for PREALLOC_MODE_FALLOC
2017-06-02 10:51:47 -04:00
io.c
blockjob: introduce block_job_pause/resume_all
2017-05-24 16:38:51 -04:00
iscsi-opts.c
block/iscsi: statically link qemu_iscsi_opts
2017-01-27 18:07:58 +01:00
iscsi.c
block: Add .bdrv_truncate() error messages
2017-04-28 16:02:03 +02:00
linux-aio.c
block: explicitly acquire aiocontext in aio callbacks that need it
2017-02-21 11:39:39 +00:00
Makefile.objs
block/vxhs.c: Add support for a new block device type called "vxhs"
2017-04-24 15:08:42 -04:00
mirror.c
Block layer patches
2017-05-30 14:15:15 +01:00
nbd-client.c
nbd-client: fix handling of hungup connections
2017-03-27 16:50:36 +02:00
nbd-client.h
nbd: drop unused NBDClientSession.is_unix field
2017-03-27 14:41:01 +02:00
nbd.c
sockets: Limit SocketAddressLegacy to external interfaces
2017-05-09 09:14:40 +02:00
nfs.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
null.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
parallels.c
block: Add errp to b{lk,drv}_truncate()
2017-04-28 16:02:02 +02:00
qapi.c
block: Don't bother asserting type of output visitor's output
2017-02-22 19:52:20 +01:00
qcow2-cache.c
qcow2: Remove stale comment
2016-11-25 13:51:30 +01:00
qcow2-cluster.c
block: Tweak error message related to qemu-img amend
2017-05-29 15:39:54 +02:00
qcow2-refcount.c
qcow2: Make distinction between zero cluster types obvious
2017-05-11 14:28:07 +02:00
qcow2-snapshot.c
qcow2: Discard/zero clusters by byte count
2017-05-11 14:28:07 +02:00
qcow2.c
qcow2: remove extra local_error variable
2017-05-29 15:39:53 +02:00
qcow2.h
qcow2: Discard/zero clusters by byte count
2017-05-11 14:28:07 +02:00
qcow.c
migration: Create migration/blocker.h
2017-05-17 12:04:59 +02:00
qed-check.c
qed: Use DIV_ROUND_UP
2016-06-07 18:19:24 +03:00
qed-cluster.c
block: explicitly acquire aiocontext in aio callbacks that need it
2017-02-21 11:39:39 +00:00
qed-gencb.c
block: Clean up includes
2016-01-20 13:36:23 +01:00
qed-l2-cache.c
block: Clean up includes
2016-01-20 13:36:23 +01:00
qed-table.c
block: explicitly acquire aiocontext in aio callbacks that need it
2017-02-21 11:39:39 +00:00
qed.c
migration: migration.h was not needed
2017-05-18 19:20:59 +02:00
qed.h
block: explicitly acquire aiocontext in timers that need it
2017-02-21 11:14:08 +00:00
quorum.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
raw-format.c
block: Add .bdrv_truncate() error messages
2017-04-28 16:02:03 +02:00
rbd.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
replication.c
block: Make 'replication_state' an enum
2017-05-07 09:57:51 +03:00
sheepdog.c
sockets: Limit SocketAddressLegacy to external interfaces
2017-05-09 09:14:40 +02:00
snapshot.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
ssh.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
stream.c
stream: fix crash in stream_start() when block_job_create() fails
2017-05-26 16:48:21 +02:00
throttle-groups.c
coroutine-lock: add mutex argument to CoQueue APIs
2017-02-21 11:39:40 +00:00
trace-events
block/vxhs.c: Add support for a new block device type called "vxhs"
2017-04-24 15:08:42 -04:00
vdi.c
migration: Create migration/blocker.h
2017-05-17 12:04:59 +02:00
vhdx-endian.c
vhdx: Use QEMU UUID API
2016-09-23 11:42:52 +08:00
vhdx-log.c
block: Add errp to b{lk,drv}_truncate()
2017-04-28 16:02:02 +02:00
vhdx.c
migration: Create migration/blocker.h
2017-05-17 12:04:59 +02:00
vhdx.h
block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec
2014-12-12 15:42:22 +00:00
vmdk.c
migration: Create migration/blocker.h
2017-05-17 12:04:59 +02:00
vpc.c
migration: Create migration/blocker.h
2017-05-17 12:04:59 +02:00
vvfat.c
migration: Create migration/blocker.h
2017-05-17 12:04:59 +02:00
vxhs.c
qobject: Use simpler QDict/QList scalar insertion macros
2017-05-09 09:13:51 +02:00
win32-aio.c
block: explicitly acquire aiocontext in aio callbacks that need it
2017-02-21 11:39:39 +00:00
write-threshold.c
block: use bdrv_add_before_write_notifier
2016-10-07 13:34:07 +02:00