Searched hist:e95205e1f9cd2c4262b7a7b1c992a94512c86d0e (Results 1 – 1 of 1) sorted by relevance
| /qemu/include/exec/ |
| H A D | cpu-common.h | e95205e1f9cd2c4262b7a7b1c992a94512c86d0e Mon Mar 16 09:03:37 UTC 2015 Fam Zheng <famz@redhat.com> dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel
If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:
continue_after_map_failure dma_aio_cancel
------------------------------------------------------------------
aio_bh_new
qemu_bh_delete
qemu_bh_schedule (use after free)
Also, the old code doesn't run the bh in the right AioContext.
Fix both problems by passing a QEMUBH to cpu_register_map_client.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|