qemu/include
Fam Zheng e95205e1f9 dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel
If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:

     continue_after_map_failure               dma_aio_cancel
     ------------------------------------------------------------------
     aio_bh_new
                                              qemu_bh_delete
     qemu_bh_schedule (use after free)

Also, the old code doesn't run the bh in the right AioContext.

Fix both problems by passing a QEMUBH to cpu_register_map_client.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
block nbd: Set block size to BDRV_SECTOR_SIZE 2015-03-18 12:07:01 +01:00
disas disas: Implement disassembly output for A64 2014-02-08 14:50:48 +00:00
exec dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel 2015-04-27 18:24:18 +02:00
fpu softfloat: expand out STATUS macro 2015-02-06 16:11:38 +00:00
hw stm32f205: Fix SoC type name 2015-04-13 11:37:10 +01:00
libdecnumber Fix new typos in comments (found by codespell) 2014-07-18 17:45:36 +04:00
migration migration: Remove unused functions 2015-03-17 15:20:37 +01:00
monitor qom: Implement info qom-tree HMP command 2015-03-17 14:31:21 +01:00
net virtio-net,tap: use standard-headers 2015-02-26 13:04:04 +01:00
qapi qerror.h: Swap definitions that were not in alphabetical order 2015-03-10 08:15:33 +03:00
qemu rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
qom qom: Add can_be_deleted callback to UserCreatableClass 2015-04-01 10:06:38 +02:00
standard-headers misc fixes and cleanups 2015-03-12 09:13:07 +00:00
sysemu numa: introduce machine callback for VCPU to node mapping 2015-03-19 16:12:09 -03:00
ui pixman: add a bunch of PIXMAN_BE_* defines for 32bpp 2015-03-12 15:50:11 +01:00
config.h janitor: move remaining public headers to include/ 2012-12-19 08:32:46 +01:00
elf.h elf-loader: Provide the possibility to relocate s390 ELF files 2015-03-10 09:26:27 +01:00
glib-compat.h glib-compat: fix problems with not-quite glib 2.22 2015-04-02 16:53:42 +01:00
qemu-common.h qxl: refactor rounding up to a nearest power of 2 2015-03-03 08:33:08 +01:00
qemu-io.h qemu-io: Use BlockBackend 2015-02-16 15:07:19 +00:00
qjson.h QJSON: Add JSON writer 2015-02-05 17:16:14 +01:00
trace-tcg.h trace: [tcg] Generate TCG tracing routines 2014-08-12 14:26:12 +01:00
trace.h trace: [tcg] Include event definitions in "trace.h" 2014-08-12 14:26:12 +01:00