[Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()

From:	Jia-Shiun Li
Subject:	[Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()
Date:	Fri, 23 Jun 2017 11:09:57 +0800

In commit 9e0bc24f dev->log_size was reset to zero too early before
syncing vhost log. It causes syncing to be skipped.

Move it to clear dev->log* after use.

Signed-off-by: Jia-Shiun Li <address@hidden>
---
 hw/virtio/vhost.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 6eddb09..c9ddf11 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -375,8 +375,6 @@ static void vhost_log_put(struct vhost_dev *dev, bool sync)
     if (!log) {
         return;
     }
-    dev->log = NULL;
-    dev->log_size = 0;
 
     --log->refcnt;
     if (log->refcnt == 0) {
@@ -396,6 +394,8 @@ static void vhost_log_put(struct vhost_dev *dev, bool sync)
 
         g_free(log);
     }
+    dev->log = NULL;
+    dev->log_size = 0;
 }
 
 static bool vhost_dev_log_is_shared(struct vhost_dev *dev)
-- 
2.7.4

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put(), Jia-Shiun Li <=
- Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put(), Marc-André Lureau, 2017/06/28
  - Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put(), jsli, 2017/06/30

Prev by Date: Re: [Qemu-devel] Query on VFIO in Virtual machine
Next by Date: Re: [Qemu-devel] [PATCH v4 02/10] accel: introduce AccelClass.global_props
Previous by thread: [Qemu-devel] [PATCH RESEND] QEMU Guest Agent: Fix memory leak of device information set
Next by thread: Re: [Qemu-devel] [PATCH] vhost: Fix use-after-free in vhost_log_put()
Index(es):
- Date
- Thread