qemu/util
Alexander Bulekov f88ebe0c7d async: avoid use-after-free on re-entrancy guard
A BH callback can free the BH, causing a use-after-free in aio_bh_call.
Fix that by keeping a local copy of the re-entrancy guard pointer.

Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58513
Fixes: 9c86c97f12 ("async: Add an optional reentrancy guard to the BH API")
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20230501141956.3444868-1-alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 7915bd06f2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-11 10:53:50 +03:00
..
aio-posix.c util/event-loop-base: Introduce options to set the thread pool size 2022-05-09 10:43:23 +01:00
aio-posix.h aio-posix: fix spurious ->poll_ready() callbacks in main loop 2022-03-17 11:23:18 +00:00
aio-wait.c aio_wait_kick: add missing memory barrier 2022-06-24 17:07:06 +02:00
aio-win32.c util/aio-win32: Correct the event array size in aio_poll() 2022-11-06 09:48:26 +01:00
aiocb.c
async-teardown.c os-posix: asynchronous teardown for shutdown on Linux 2022-10-31 09:46:34 +01:00
async.c async: avoid use-after-free on re-entrancy guard 2023-09-11 10:53:50 +03:00
atomic64.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
base64.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
bitmap.c migration: Use non-atomic ops for clear log bitmap 2022-11-21 11:58:10 +01:00
bitops.c
block-helpers.c
block-helpers.h
buffer.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
bufferiszero.c cpuid: use unsigned for max cpuid 2022-02-04 09:07:43 -05:00
cacheflush.c util/cacheflush: Optimize flushing when ppc host has coherent icache 2022-06-21 09:28:41 -07:00
compatfd.c util: replace pipe()+cloexec with g_unix_open_pipe() 2022-05-03 15:18:14 +04:00
coroutine-sigaltstack.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
coroutine-ucontext.c coroutine-ucontext: use QEMU_DEFINE_STATIC_CO_TLS() 2022-05-04 15:55:23 +02:00
coroutine-win32.c coroutine-win32: use QEMU_DEFINE_STATIC_CO_TLS() 2022-05-04 15:55:23 +02:00
crc32c.c
crc-ccitt.c util: Add CRC16 (CCITT) calculation routines 2021-01-24 20:10:54 +01:00
cutils.c cutils: Add missing dyld(3) include on macOS 2022-08-12 11:33:52 +01:00
dbus.c
drm.c
envlist.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
error-report.c error-report: fix g_date_time_format assertion 2022-04-28 08:51:56 +02:00
error.c
event_notifier-posix.c Replace qemu_pipe() with g_unix_open_pipe() 2022-05-03 15:17:56 +04:00
event_notifier-win32.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
fdmon-epoll.c aio-posix: fix race between epoll upgrade and aio_set_fd_handler() 2023-04-10 11:16:14 +03:00
fdmon-io_uring.c aio-posix: fix build failure io_uring 2.2 2022-03-17 11:23:18 +00:00
fdmon-poll.c
fifo8.c utils/fifo8: change fatal errors from abort() to assert() 2021-02-07 20:38:20 +00:00
filemonitor-inotify.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
filemonitor-stub.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
getauxval.c
guest-random.c util/guest-random: Fix size arg to tail memcpy 2021-07-09 18:42:46 +02:00
hbitmap.c block: simplify handling of try to merge different sized bitmaps 2022-06-24 17:07:06 +02:00
hexdump.c include: move C/util-related declarations to cutils.h 2022-04-06 14:31:43 +02:00
host-utils.c host-utils: Implemented signed 256-by-128 division 2022-06-20 08:38:58 -03:00
id.c net: Use id_generate() in the network subsystem, too 2021-03-09 21:47:45 +01:00
int128.c qemu/int128: addition of div/rem 128-bit operations 2022-01-08 15:46:10 +10:00
iov.c util: make do_send_recv work with partial send/recv 2022-10-12 19:22:01 +04:00
iova-tree.c util: accept iova_tree_remove_parameter by value 2022-09-02 10:22:39 +08:00
keyval.c include: add qemu/keyval.h 2022-04-21 17:03:51 +04:00
lockcnt.c
log.c util/log: Ignore per-thread flag if global file already there 2022-11-07 16:00:02 -05:00
main-loop.c async: Add an optional reentrancy guard to the BH API 2023-09-11 10:53:50 +03:00
memalign.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
memfd.c
meson.build qga: Allow building of the guest agent without system emulators or tools 2022-11-11 09:17:45 +01:00
mmap-alloc.c util/mmap-alloc: Remove qemu_mempath_getpagesize() 2022-08-26 13:34:21 +02:00
module.c module: add Error arguments to module_load and module_load_qom 2022-11-06 09:48:50 +01:00
notify.c
nvdimm-utils.c Clean up includes 2020-12-10 17:16:44 +01:00
osdep.c tests/qtest: Use send/recv for socket communication 2022-10-28 11:17:12 +02:00
oslib-posix.c util: Make qemu_prealloc_mem() optionally consume a ThreadContext 2022-10-27 11:00:56 +02:00
oslib-win32.c util: Make qemu_prealloc_mem() optionally consume a ThreadContext 2022-10-27 11:00:56 +02:00
path.c
qdist.c
qemu-co-shared-resource.c co-shared-resource: protect with a mutex 2021-06-25 14:24:24 +03:00
qemu-co-timeout.c util: add qemu-co-timeout 2022-06-29 10:56:12 +03:00
qemu-config.c Revert "s390x/s390-virtio-ccw: add zpcii-disable machine property" 2022-11-08 10:10:57 +01:00
qemu-coroutine-io.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
qemu-coroutine-lock.c coroutine: add flag to re-queue at front of CoQueue 2022-10-26 14:56:42 -04:00
qemu-coroutine-sleep.c coroutine-sleep: introduce qemu_co_sleep 2021-05-21 18:22:33 +01:00
qemu-coroutine.c coroutine: remove incorrect coroutine_fn annotations 2022-10-07 12:11:40 +02:00
qemu-option.c qemu-option: Allow deleting opts during qemu_opts_foreach() 2021-10-15 16:11:22 +02:00
qemu-print.c
qemu-progress.c include: move progress API to qemu-progress.h 2022-04-06 14:31:43 +02:00
qemu-sockets.c -----BEGIN PGP SIGNATURE----- 2022-10-30 18:30:01 -04:00
qemu-thread-common.h
qemu-thread-posix.c util: Introduce qemu_thread_set_affinity() and qemu_thread_get_affinity() 2022-10-27 11:00:36 +02:00
qemu-thread-win32.c util: Introduce qemu_thread_set_affinity() and qemu_thread_get_affinity() 2022-10-27 11:00:36 +02:00
qemu-timer-common.c semihosting: Implement SYS_ELAPSED and SYS_TICKFREQ 2021-01-18 10:05:06 +00:00
qemu-timer.c qemu-timer: Skip empty timer lists before locking in qemu_clock_deadline_ns_all 2022-06-21 09:24:34 -07:00
qht.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
qsp.c qemu/atomic: Add aligned_{int64,uint64}_t types 2021-07-21 07:45:38 -10:00
range.c
rcu.c rcu: use coroutine TLS macros 2022-03-04 18:14:40 +01:00
readline.c readline: Fix possible array index out of bounds in readline_hist_add() 2021-01-04 11:13:39 +00:00
selfmap.c util/selfmap: Discard mapping on error 2021-07-26 07:06:49 -10:00
stats64.c
sys_membarrier.c
systemd.c
thread-context.c util: Add write-only "node-affinity" property for ThreadContext 2022-10-27 11:00:50 +02:00
thread-pool.c thread-pool: signal "request_cond" while locked 2023-08-02 17:21:20 +03:00
throttle.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
timed-average.c
trace-events async: Add an optional reentrancy guard to the BH API 2023-09-11 10:53:50 +03:00
trace.h
transactions.c transactions: Invoke clean() after everything else 2021-11-16 09:43:44 +01:00
unicode.c
uri.c util/uri: do not check argument of uri_free() 2021-07-09 12:26:05 +02:00
userfaultfd.c migration: introduce UFFD-WP low-level interface helpers 2021-02-08 11:19:51 +00:00
uuid.c
vfio-helpers.c util/vfio-helpers: Use g_file_read_link() 2023-05-28 12:02:26 +03:00
vhost-user-server.c util: rename qemu_*block() socket functions 2022-05-03 15:53:20 +04:00
yank.c yank: Remove dependency on qiochannel 2021-04-01 15:27:44 +04:00