qemu-irix/block
Stefan Hajnoczi 4a81ab81e4 qed: fix use-after-free during l2 cache commit
QED's metadata caching strategy allows two parallel requests to race for
metadata lookup.  The first one to complete will populate the metadata
cache and the second one will drop the data it just read in favor of the
cached data.

There is a use-after-free in qed_read_l2_table_cb() and
qed_commit_l2_update() where l2_table->offset was used after the
l2_table may have been freed due to a metadata lookup race.  Fix this by
keeping the l2_offset in a local variable and not reaching into the
possibly freed l2_table.

Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-10-05 11:33:31 -05:00
blkdebug.c block: Allow bdrv_flush to return errors 2010-11-04 12:52:16 +01:00
blkverify.c block: avoid a warning on 64 bit hosts with long as int64_t 2010-11-04 13:54:37 +01:00
bochs.c bochs: use qemu block API 2010-05-17 10:20:05 +02:00
cloop.c cloop: use qemu block API 2010-05-17 10:20:04 +02:00
cow.c block: Allow bdrv_flush to return errors 2010-11-04 12:52:16 +01:00
curl.c Fix %lld or %llx printf format use 2010-05-22 08:02:12 +00:00
dmg.c dmg: use qemu block API 2010-05-17 10:20:05 +02:00
nbd.c NBD: Avoid leaking a couple of strings when the NBD device is closed 2011-05-03 11:29:21 +02:00
parallels.c parallels: use qemu block API 2010-05-17 10:20:05 +02:00
qcow.c qcow: Avoid direct AIO callback 2011-06-14 17:03:27 +02:00
qcow2-cache.c qcow2: Use Qcow2Cache in writeback mode during loadvm/savevm 2011-07-19 15:39:22 +02:00
qcow2-cluster.c qcow2: Fix in-flight list after qcow2_cache_put failure 2011-06-15 14:36:15 +02:00
qcow2-refcount.c qcow2: Use Qcow2Cache in writeback mode during loadvm/savevm 2011-07-19 15:39:22 +02:00
qcow2-snapshot.c qcow2: Fix L1 table size after bdrv_snapshot_goto 2011-08-05 07:25:45 -05:00
qcow2.c Strip trailing '\n' from error_report()'s first argument 2011-06-24 09:13:36 +01:00
qcow2.h qcow2: Use Qcow2Cache in writeback mode during loadvm/savevm 2011-07-19 15:39:22 +02:00
qed-check.c qed: Fix consistency check on 32-bit hosts 2011-04-27 16:21:00 +02:00
qed-cluster.c qed: Add support for zero clusters 2011-04-13 12:06:41 +02:00
qed-gencb.c qed: Table, L2 cache, and cluster functions 2010-12-17 16:11:04 +01:00
qed-l2-cache.c qed: Table, L2 cache, and cluster functions 2010-12-17 16:11:04 +01:00
qed-table.c qed: fix use-after-free during l2 cache commit 2011-10-05 11:33:31 -05:00
qed.c qed: fix use-after-free during l2 cache commit 2011-10-05 11:33:31 -05:00
qed.h qed: Periodically flush and clear need check bit 2011-05-18 14:38:46 +02:00
raw-posix-aio.h Remove aio_ctx from paio_* interface 2009-10-30 08:39:34 -05:00
raw-posix.c block: add bdrv_get_allocated_file_size() operation 2011-07-19 15:39:08 +02:00
raw-win32.c block: add bdrv_get_allocated_file_size() operation 2011-07-19 15:39:08 +02:00
raw.c block: add discard support 2010-12-17 16:11:03 +01:00
rbd.c block/rbd: Remove unused local variable 2011-06-14 10:01:19 +02:00
sheepdog.c Wrap recv to avoid warnings 2011-07-25 14:38:56 +00:00
vdi.c vdi: Avoid direct AIO callback 2011-06-15 14:35:15 +02:00
vmdk.c block: add bdrv_get_allocated_file_size() operation 2011-07-19 15:39:08 +02:00
vpc.c vpc.c: Use get_option_parameter() does the search 2011-04-13 12:31:41 +02:00
vvfat.c vvfat: fix a file descriptor leak 2011-01-12 19:48:58 +00:00