mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
447b0d0b9e
qemu/include
History
Paolo Bonzini 447b0d0b9e memory: avoid "resurrection" of dead FlatViews 
It's possible for address_space_get_flatview() as it currently stands
to cause a use-after-free for the returned FlatView, if the reference
count is incremented after the FlatView has been replaced by a writer:

   thread 1             thread 2             RCU thread
  -------------------------------------------------------------
   rcu_read_lock
   read as->current_map
                        set as->current_map
                        flatview_unref
                           '--> call_rcu
   flatview_ref
     [ref=1]
   rcu_read_unlock
                                             flatview_destroy
   <badness>

Since FlatViews are not updated very often, we can just detect the
situation using a new atomic op atomic_fetch_inc_nonzero, similar to
Linux's atomic_inc_not_zero, which performs the refcount increment only if
it hasn't already hit zero.  This is similar to Linux commit de09a9771a53
("CRED: Fix get_task_cred() and task_state() to not resurrect dead
credentials", 2010-07-29).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-09-21 23:19:37 +02:00
..
block scsi: move block/scsi.h to include/scsi/constants.h 2017-09-19 14:09:31 +02:00
chardev char: don't exit on hmp 'chardev-add help' 2017-08-01 17:27:33 +02:00
crypto crypto: hmac: add hmac driver framework 2017-07-19 10:11:05 +01:00
disas Fix Thumb-1 BE32 execution and disassembly. 2017-02-07 18:29:59 +00:00
exec tcg: Move USE_DIRECT_JUMP discriminator to tcg/cpu/tcg-target.h 2017-09-07 11:57:34 -07:00
fpu configure: Drop ancient Solaris 9 and earlier support 2017-07-21 15:04:05 +01:00
hw virtio-serial: add enable_backend callback 2017-09-21 11:51:49 +02:00
io io: Add new qio_channel_read{, v}_all_eof functions 2017-09-06 10:11:54 -05:00
libdecnumber Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
migration migration: remove check against colo support 2017-07-18 17:36:24 +02:00
monitor block: rip out all traces of password prompting 2017-07-11 17:44:56 +02:00
net net/net.c: Add vnet_hdr support in SocketReadState 2017-07-17 20:02:11 +08:00
qapi qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
qemu memory: avoid "resurrection" of dead FlatViews 2017-09-21 23:19:37 +02:00
qom Machine/CPU/NUMA queue, 2017-09-19 2017-09-20 17:35:36 +01:00
scsi scsi: move block/scsi.h to include/scsi/constants.h 2017-09-19 14:09:31 +02:00
standard-headers linux-headers: update to 4.13-rc0 2017-07-14 12:29:10 +02:00
sysemu seccomp: add resourcecontrol argument to command line 2017-09-15 10:15:06 +02:00
ui console: use DIV_ROUND_UP 2017-08-31 12:29:07 +02:00
elf.h tcg/s390: Use constant pool for movi 2017-09-07 11:57:35 -07:00
glib-compat.h qga: Add 'guest-get-users' command 2017-04-26 23:57:45 -05:00
qemu-common.h maint: Include bug-reporting info in --help output 2017-08-08 17:28:53 +02:00
qemu-io.h hmp: Request permissions in qemu-io 2017-02-28 20:47:50 +01:00
trace-tcg.h trace: get rid of generated-events.h/generated-events.c 2016-10-12 09:54:52 +02:00