Re: [Qemu-trivial] [PATCH v6 03/10] virtio-blk: fix reference a pointer
From: Michael S. Tsirkin
Subject: Re: [Qemu-trivial] [PATCH v6 03/10] virtio-blk: fix reference a pointer which might be freed
Date: Mon, 18 Aug 2014 22:17:10 +0200
On Mon, Aug 18, 2014 at 03:49:22PM +0400, Michael Tokarev wrote:
> 14.08.2014 11:29, zhanghailiang wrote:
> > In function virtio_blk_handle_request, it may free memory pointed to by req,
> > so do not access members of req after calling this function.
> >
> > Reviewed-by: Stefan Hajnoczi <address@hidden>
> > Signed-off-by: zhanghailiang <address@hidden>
> > ---
> > hw/block/virtio-blk.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
> > index c241c50..54a853a 100644
> > --- a/hw/block/virtio-blk.c
> > +++ b/hw/block/virtio-blk.c
> > @@ -458,7 +458,7 @@ static void virtio_blk_handle_output(VirtIODevice
> > *vdev, VirtQueue *vq)
> > static void virtio_blk_dma_restart_bh(void *opaque)
> > {
> > VirtIOBlock *s = opaque;
> > - VirtIOBlockReq *req = s->rq;
> > + VirtIOBlockReq *req = s->rq, *next = NULL;
> > MultiReqBuffer mrb = {
> > .num_writes = 0,
> > };
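Review bot: in the declaration `VirtIOBlockReq *req = s->rq, *next = NULL;` the `NULL` initializer is never read, because `next` is assigned from `req->next` at the top of each loop iteration before it is used. Declaring `next` inside the `while (req)` body would limit its scope to the one place it is needed and drop the dead initializer.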
> > @@ -469,8 +469,9 @@ static void virtio_blk_dma_restart_bh(void *opaque)
> > s->rq = NULL;
> >
> > while (req) {
> > + next = req->next;
> > virtio_blk_handle_request(req, &mrb);
> > - req = req->next;
> > + req = next;
> > }
> >
> > virtio_submit_multiwrite(s->bs, &mrb);
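Review bot: reading `req->next` before `virtio_blk_handle_request(req, &mrb)` in the `while (req)` loop is only safe if the call can free `req` itself and never the entry that `next` points to; the commit message states the first but says nothing about the second. Please confirm that later list entries stay valid across the call and say so in the commit message.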
>
> So, finally, I've applied this patch:
>
> --- a/hw/block/virtio-blk.c
> +++ b/hw/block/virtio-blk.c
> @@ -469,8 +469,9 @@ static void virtio_blk_dma_restart_bh(void *opaque)
> s->rq = NULL;
>
> while (req) {
> + VirtIOBlockReq *next = req->next;
> virtio_blk_handle_request(req, &mrb);
> - req = req->next;
> + req = next;
> }
>
> virtio_submit_multiwrite(s->bs, &mrb);
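Review bot: nothing in the loop body records why `next` is captured before the call, so a later cleanup could fold it back into `req = req->next`. A one-line comment above `VirtIOBlockReq *next = req->next;` noting that `virtio_blk_handle_request()` may free `req` would guard against that, and a blank line after the declaration would separate it from the call.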
>
> and dropped Stefan's Reviewed-by on the way ;)
>
> This is a bugfix after all ;)
>
> Thanks,
>
> /mjt
By the way, could you please add Cc qemu-stable on bugfixes
you have queued?
These are likely appropriate for 2.1.1.
--
MST