virtio-blk: fix use-after-free while handling scsi commands

The scsi passthrough handler falls through after completing a request into the failure path, resulting in a use after free. Reproducible by running a guest with aio=native on a block device. Reported-by: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> (cherry picked from commit 730a9c53b4e52681fcfe31cf38854cbf91e132c7) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
author: Avi Kivity <avi@redhat.com> 2012-08-06 15:49:03 +0300
committer: Michael Roth <mdroth@linux.vnet.ibm.com> 2012-08-21 15:36:35 -0500
commit: 3b38972743856fbfcee88fc15eb0753977103313 (patch)
tree: aa556632bab6469fd4e264527aea795e0e73007e /hw/virtio-blk.c
parent: 36ed337845a00240c370bbea782f953a8110d0c0 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index fe0774617b..f44d24420d 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -253,6 +253,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
 
     virtio_blk_req_complete(req, status);
     g_free(req);
+    return;
 #else
     abort();
 #endif
author	Avi Kivity <avi@redhat.com>	2012-08-06 15:49:03 +0300
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2012-08-21 15:36:35 -0500
commit	3b38972743856fbfcee88fc15eb0753977103313 (patch)
tree	aa556632bab6469fd4e264527aea795e0e73007e /hw/virtio-blk.c
parent	36ed337845a00240c370bbea782f953a8110d0c0 (diff)