]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 710fccf) | patch
vhost: Build temporary section list and deref after commit
authorDr. David Alan Gilbert <dgilbert@redhat.com>
Fri, 19 Jan 2018 10:39:18 +0000 (10:39 +0000)
committerMichael S. Tsirkin <mst@redhat.com>
Thu, 8 Feb 2018 19:06:40 +0000 (21:06 +0200)
commitc44317efecb240b9b0951ad46ba56eb547114f1d
tree1e4996af2bc8700df5e3bc5d245caceec09ae892tree
parent710fccf80d787911120145f508f9c4c664cf0e03commit | diff
vhost: Build temporary section list and deref after commit

Igor spotted that there's a race, where a region that's unref'd
in a _del callback might be free'd before the set_mem_table call in
the _commit callback, and thus the vhost might end up using free memory.

Fix this by building a complete temporary sections list, ref'ing every
section (during add and nop) and then unref'ing the whole list right
at the end of commit.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hw/virtio/vhost.c diff | blob | blame | history
include/hw/virtio/vhost.h diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git