commit: Fix use after free in completion - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Kevin Wolf	2017-06-02 23:04:55 +0200
committer	Kevin Wolf	2017-06-09 13:46:13 +0200
commit	19ebd13ed45ad5d5f277f5914d55b83f13eb09eb (patch)
tree	ee37d5d3330a0e7824b4fd5aa377d0a6c92b6d30 /tests/qemu-iotests
parent	qemu-iotests: Block migration test (diff)
download	qemu-19ebd13ed45ad5d5f277f5914d55b83f13eb09eb.tar.gz qemu-19ebd13ed45ad5d5f277f5914d55b83f13eb09eb.tar.xz qemu-19ebd13ed45ad5d5f277f5914d55b83f13eb09eb.zip

commit: Fix use after free in completion

The final bdrv_set_backing_hd() could be working on already freed nodes because the commit job drops its references (through BlockBackends) to both overlay_bs and top already a bit earlier. One way to trigger the bug is hot unplugging a disk for which blockdev_mark_auto_del() cancels the block job. Fix this by taking BDS-level references while we're still using the nodes. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>

Diffstat (limited to 'tests/qemu-iotests')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: