mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/util
History
Alexander Bulekov 7915bd06f2 async: avoid use-after-free on re-entrancy guard 
A BH callback can free the BH, causing a use-after-free in aio_bh_call.
Fix that by keeping a local copy of the re-entrancy guard pointer.

Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58513
Fixes: 9c86c97f12 ("async: Add an optional reentrancy guard to the BH API")
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20230501141956.3444868-1-alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-02 10:03:26 +02:00
..
aio-posix.c
aio: make aio_set_fd_poll() static to aio-posix.c
2023-03-13 15:23:37 +04:00
aio-posix.h
aio-wait.c
aio_wait_kick: add missing memory barrier
2022-06-24 17:07:06 +02:00
aio-win32.c
win32: avoid mixing SOCKET and file descriptor space
2023-03-13 15:39:31 +04:00
aiocb.c
async-teardown.c
Fix non-first inclusions of qemu/osdep.h
2023-02-08 07:28:05 +01:00
async.c
async: avoid use-after-free on re-entrancy guard
2023-05-02 10:03:26 +02:00
atomic64.c
base64.c
bitmap.c
migration: Use non-atomic ops for clear log bitmap
2022-11-21 11:58:10 +01:00
bitops.c
replace TABs with spaces
2023-03-20 12:43:50 +01:00
block-helpers.c
block-helpers.h
buffer.c
bufferiszero.c
include/qemu/cpuid: Introduce xgetbv_low
2023-03-05 13:44:07 -08:00
cacheflush.c
util/cacheflush: fix cache on windows-arm64
2023-02-21 08:53:03 -10:00
compatfd.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
crc32c.c
crc-ccitt.c
cutils.c
util: remove support for hex numbers with a scaling suffix
2023-01-06 00:51:02 +01:00
dbus.c
drm.c
envlist.c
replace TABs with spaces
2023-03-20 12:43:50 +01:00
error-report.c
util/error: add G_GNUC_PRINTF for various functions
2023-01-11 10:44:34 +01:00
error.c
util/error: Fix use-after-free errors reported by Coverity
2023-04-06 12:38:42 -04:00
event_notifier-posix.c
event_notifier-win32.c
fdmon-epoll.c
aio-posix: fix race between epoll upgrade and aio_set_fd_handler()
2023-03-27 15:12:17 +02:00
fdmon-io_uring.c
fdmon-poll.c
fifo8.c
filemonitor-inotify.c
filemonitor-stub.c
getauxval.c
guest-random.c
replay: Extract core API to 'exec/replay-core.h'
2023-02-27 22:29:01 +01:00
hbitmap.c
hbitmap: fix hbitmap_status() return value for first dirty bit case
2023-02-17 14:34:24 +01:00
hexdump.c
host-utils.c
host-utils: Implemented signed 256-by-128 division
2022-06-20 08:38:58 -03:00
id.c
int128.c
include/qemu/int128: Use Int128 structure for TCI
2023-02-04 06:19:42 -10:00
interval-tree.c
util: Add interval-tree.c
2022-12-20 17:09:41 -08:00
iov.c
util: make do_send_recv work with partial send/recv
2022-10-12 19:22:01 +04:00
iova-tree.c
util: accept iova_tree_remove_parameter by value
2022-09-02 10:22:39 +08:00
keyval.c
lockcnt.c
log.c
log: Remove unneeded new line
2023-03-08 00:37:48 +01:00
main-loop.c
async: Add an optional reentrancy guard to the BH API
2023-04-28 11:31:07 +02:00
memalign.c
memfd.c
meson.build
util: import GTree as QTree
2023-03-28 15:23:10 -07:00
mmap-alloc.c
util/mmap-alloc: qemu_fd_getfs()
2023-04-24 11:29:00 +02:00
module.c
module: add Error arguments to module_load and module_load_qom
2022-11-06 09:48:50 +01:00
notify.c
nvdimm-utils.c
osdep.c
error handling: Use RETRY_ON_EINTR() macro where applicable
2023-01-09 13:50:47 +01:00
oslib-posix.c
util: drop qemu_fork()
2023-03-13 15:23:37 +04:00
oslib-win32.c
win32: add qemu_close_socket_osfhandle()
2023-03-21 11:16:03 +04:00
path.c
qdist.c
qemu-co-shared-resource.c
qemu-co-timeout.c
util: add qemu-co-timeout
2022-06-29 10:56:12 +03:00
qemu-config.c
error: Drop superfluous #include "qapi/qmp/qerror.h"
2023-02-23 13:56:14 +01:00
qemu-coroutine-io.c
qemu-coroutine-lock.c
qemu-coroutine-lock: add smp_mb__after_rmw()
2023-03-07 12:39:53 +01:00
qemu-coroutine-sleep.c
coroutine: Clean up superfluous inclusion of qemu/coroutine.h
2023-01-19 10:18:28 +01:00
qemu-coroutine.c
qemu-coroutine: remove qatomic_mb_read()
2023-04-20 11:17:35 +02:00
qemu-option.c
qemu-print.c
qemu-progress.c
qemu-sockets.c
win32: replace closesocket() with close() wrapper
2023-03-13 15:39:31 +04:00
qemu-thread-common.h
qemu-thread-posix.c
qemu-thread-posix: cleanup, fix, document QemuEvent
2023-03-07 12:38:40 +01:00
qemu-thread-win32.c
qemu-thread-win32: cleanup, fix, document QemuEvent
2023-03-07 12:38:40 +01:00
qemu-timer-common.c
qemu-timer.c
qemu-timer: Skip empty timer lists before locking in qemu_clock_deadline_ns_all
2022-06-21 09:24:34 -07:00
qht.c
util/qht: use striped locks under TSAN
2023-02-02 11:48:20 +00:00
qsp.c
qtree.c
tcg: use QTree instead of GTree
2023-03-28 15:23:10 -07:00
range.c
rcu.c
readline.c
readline: Extract readline_add_completion_of() from monitor
2023-02-04 07:56:54 +01:00
selfmap.c
stats64.c
stat64: Add stat64_set() operation
2023-04-27 16:39:43 +02:00
sys_membarrier.c
systemd.c
thread-context.c
qapi: Use returned bool to check for failure (again)
2022-12-14 16:19:35 +01:00
thread-pool.c
thread-pool: avoid passing the pool parameter every time
2023-04-25 13:17:28 +02:00
throttle.c
timed-average.c
trace-events
async: Add an optional reentrancy guard to the BH API
2023-04-28 11:31:07 +02:00
trace.h
transactions.c
unicode.c
uri.c
Updated the FSF address to <https://www.gnu.org/licenses/>
2023-02-27 09:15:39 +01:00
userfaultfd.c
util/userfaultfd: Support /dev/userfaultfd
2023-02-11 16:51:09 +01:00
uuid.c
vfio-helpers.c
error handling: Use RETRY_ON_EINTR() macro where applicable
2023-01-09 13:50:47 +01:00
vhost-user-server.c
block/export: only acquire AioContext once for vhost_user_server_stop()
2023-03-27 13:46:30 +02:00
yank.c