提交 730a9c53 编写于 作者: A Avi Kivity 提交者: Kevin Wolf

virtio-blk: fix use-after-free while handling scsi commands

The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.

Reproducible by running a guest with aio=native on a block device.
Reported-by: NStefan Priebe <s.priebe@profihost.ag>
Signed-off-by: NAvi Kivity <avi@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
上级 3d1d9652
...@@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req) ...@@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
virtio_blk_req_complete(req, status); virtio_blk_req_complete(req, status);
g_free(req); g_free(req);
return;
#else #else
abort(); abort();
#endif #endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册