aboutsummaryrefslogtreecommitdiff
path: root/hw/virtio-blk.c
diff options
context:
space:
mode:
authorAvi Kivity <avi@redhat.com>2012-08-06 15:49:03 +0300
committerKevin Wolf <kwolf@redhat.com>2012-08-10 10:25:11 +0200
commit730a9c53b4e52681fcfe31cf38854cbf91e132c7 (patch)
treeaa4ca246c15bd0e8bf1bbb339ab0c0f4e4028bb7 /hw/virtio-blk.c
parent3d1d9652978ac5a32a0beb4bdf6065ca39440d89 (diff)
virtio-blk: fix use-after-free while handling scsi commands
The scsi passthrough handler falls through after completing a request into the failure path, resulting in a use after free. Reproducible by running a guest with aio=native on a block device. Reported-by: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/virtio-blk.c')
-rw-r--r--hw/virtio-blk.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index f21757ed55..552b3b6c6a 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
virtio_blk_req_complete(req, status);
g_free(req);
+ return;
#else
abort();
#endif