qemu/include/exec
Fam Zheng e95205e1f9 dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel
If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:

     continue_after_map_failure               dma_aio_cancel
     ------------------------------------------------------------------
     aio_bh_new
                                              qemu_bh_delete
     qemu_bh_schedule (use after free)

Also, the old code doesn't run the bh in the right AioContext.

Fix both problems by passing a QEMUBH to cpu_register_map_client.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27 18:24:18 +02:00
user abitypes.h: Remove incorrect ARM ABI_LLONG_ALIGNMENT 2013-09-10 19:09:33 +01:00
address-spaces.h exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
cpu_ldst_template.h cpu_ldst_template.h: Drop unused cpu_ldfq/stfq/ldfl/stfl accessors 2015-01-20 15:19:34 +00:00
cpu_ldst_useronly_template.h cpu_ldst.h: Use inline functions for usermode cpu_ld/st accessors 2015-01-20 15:19:34 +00:00
cpu_ldst.h cpu_ldst.h: Allow NB_MMU_MODES to be 7 2015-02-05 13:37:23 +00:00
cpu-all.h Convert ram_list to RCU 2015-02-16 17:31:55 +01:00
cpu-common.h dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel 2015-04-27 18:24:18 +02:00
cpu-defs.h implementing victim TLB for QEMU system emulated TLB 2014-09-01 17:43:06 +01:00
cputlb.h exec: make iotlb RCU-friendly 2015-02-16 17:30:19 +01:00
exec-all.h exec: RCUify AddressSpaceDispatch 2015-02-16 17:30:19 +01:00
gdbstub.h Add the "-semihosting-config" option. 2014-12-11 12:07:48 +00:00
gen-icount.h tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
helper-gen.h trace: [tcg] Include TCG-tracing helpers 2014-08-12 14:26:12 +01:00
helper-head.h tcg: Move size effects out of dh_arg 2014-05-28 09:33:55 -07:00
helper-proto.h trace: [tcg] Include TCG-tracing helpers 2014-08-12 14:26:12 +01:00
helper-tcg.h trace: [tcg] Include TCG-tracing helpers 2014-08-12 14:26:12 +01:00
hwaddr.h hwaddr: Make hwaddr type usable beyond softmmu 2013-06-28 13:25:13 +02:00
ioport.h portio: Allow to mark portio lists as coalesced MMIO flushing 2013-10-17 17:24:15 +02:00
memory-internal.h memory: unregister AddressSpace MemoryListener within BQL 2015-02-10 10:25:44 -07:00
memory.h memory: protect current_map by RCU 2015-02-02 16:55:10 +01:00
poison.h exec: Remove env from list of poisoned names 2013-07-27 11:22:54 +04:00
ram_addr.h exec: qemu_ram_alloc_resizeable, qemu_ram_resize 2015-01-08 13:17:54 +02:00
softmmu-semi.h exec: Change cpu_memory_rw_debug() argument to CPUState 2013-07-23 02:41:33 +02:00
spinlock.h exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00