Patchwork virtio-blk: Fix use after release in virtio_blk_handle_rw_error

login
register
mail settings
Submitter Jan Kiszka
Date April 7, 2010, 11:47 a.m.
Message ID <4BBC70E3.6010609@siemens.com>
Download mbox | patch
Permalink /patch/49600/
State New
Headers show

Comments

Jan Kiszka - April 7, 2010, 11:47 a.m.
virtio_blk_req_complete releases the request we dereference again for
bdrv_mon_event. Reorder both calls to fix this.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 hw/virtio-blk.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Christoph Hellwig - April 7, 2010, 11:57 a.m.
On Wed, Apr 07, 2010 at 01:47:47PM +0200, Jan Kiszka wrote:
> virtio_blk_req_complete releases the request we dereference again for
> bdrv_mon_event. Reorder both calls to fix this.

I think Kevin alreday sent a patch to use the local state variable
which is still around.  Either way looks fine to me.
Kevin Wolf - April 7, 2010, 12:18 p.m.
Am 07.04.2010 13:57, schrieb Christoph Hellwig:
> On Wed, Apr 07, 2010 at 01:47:47PM +0200, Jan Kiszka wrote:
>> virtio_blk_req_complete releases the request we dereference again for
>> bdrv_mon_event. Reorder both calls to fix this.
> 
> I think Kevin alreday sent a patch to use the local state variable
> which is still around.  Either way looks fine to me.

Yes, it's the same thing, so I won't pick this up for my block branch
even though Jan's fix looks fine, too.

Kevin
Luiz Capitulino - April 7, 2010, 12:32 p.m.
On Wed, 07 Apr 2010 14:18:26 +0200
Kevin Wolf <kwolf@redhat.com> wrote:

> Am 07.04.2010 13:57, schrieb Christoph Hellwig:
> > On Wed, Apr 07, 2010 at 01:47:47PM +0200, Jan Kiszka wrote:
> >> virtio_blk_req_complete releases the request we dereference again for
> >> bdrv_mon_event. Reorder both calls to fix this.
> > 
> > I think Kevin alreday sent a patch to use the local state variable
> > which is still around.  Either way looks fine to me.
> 
> Yes, it's the same thing, so I won't pick this up for my block branch
> even though Jan's fix looks fine, too.

 I also resend Kevin's fix two days ago as part of a git pull, but
looks like Anthony is away..
Luiz Capitulino - April 7, 2010, 12:33 p.m.
On Wed, 7 Apr 2010 09:32:35 -0300
Luiz Capitulino <lcapitulino@redhat.com> wrote:

> On Wed, 07 Apr 2010 14:18:26 +0200
> Kevin Wolf <kwolf@redhat.com> wrote:
> 
> > Am 07.04.2010 13:57, schrieb Christoph Hellwig:
> > > On Wed, Apr 07, 2010 at 01:47:47PM +0200, Jan Kiszka wrote:
> > >> virtio_blk_req_complete releases the request we dereference again for
> > >> bdrv_mon_event. Reorder both calls to fix this.
> > > 
> > > I think Kevin alreday sent a patch to use the local state variable
> > > which is still around.  Either way looks fine to me.
> > 
> > Yes, it's the same thing, so I won't pick this up for my block branch
> > even though Jan's fix looks fine, too.
> 
>  I also resend Kevin's fix two days ago as part of a git pull, but
> looks like Anthony is away..

 A pull request, I mean.

Patch

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 9915840..d5e8c79 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -76,8 +76,8 @@  static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
         bdrv_mon_event(req->dev->bs, BDRV_ACTION_STOP, is_read);
         vm_stop(0);
     } else {
-        virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
         bdrv_mon_event(req->dev->bs, BDRV_ACTION_REPORT, is_read);
+        virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
     }
 
     return 1;