[PATCH v3 0/2] block-backend: prevent dangling BDS pointers across aio_poll()

Stefan Hajnoczi Tue, 11 Jan 2022 07:37:49 -0800

This series fixes use-after-free bugs when blk->root changes across aio_poll().
For example, a temporary filter node can be removed by a blockjob when a
drained section begins. If the caller doesn't hold a ref on the BDS then it
will have been freed.


Hanna Reitz (1):
  iotests/stream-error-on-reset: New test

Stefan Hajnoczi (1):
  block-backend: prevent dangling BDS pointers across aio_poll()

 block/block-backend.c                         |  19 ++-
 .../qemu-iotests/tests/stream-error-on-reset  | 140 ++++++++++++++++++
 .../tests/stream-error-on-reset.out           |   5 +
 3 files changed, 162 insertions(+), 2 deletions(-)
 create mode 100755 tests/qemu-iotests/tests/stream-error-on-reset
 create mode 100644 tests/qemu-iotests/tests/stream-error-on-reset.out

-- 
2.33.1

[PATCH v3 0/2] block-backend: prevent dangling BDS pointers across aio_poll()

Reply via email to