| commit | 730a9c53b4e52681fcfe31cf38854cbf91e132c7 | |
| author | Avi Kivity <avi@redhat.com> | |
| Mon, 6 Aug 2012 12:49:03 +0000 (6 15:49 +0300) | ||
| committer | Kevin Wolf <kwolf@redhat.com> | |
| Fri, 10 Aug 2012 08:25:11 +0000 (10 10:25 +0200) | ||
| tree | aa4ca246c15bd0e8bf1bbb339ab0c0f4e4028bb7 | treesnapshot (tar.gz zip) |
| parent | 3d1d9652978ac5a32a0beb4bdf6065ca39440d89 | commitdiff |
virtio-blk: fix use-after-free while handling scsi commands
The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.
Reproducible by running a guest with aio=native on a block device.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.
Reproducible by running a guest with aio=native on a block device.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| hw/virtio-blk.c | diffblobblamehistory |