slackcoder/qemu - QEMU is a generic and open source machine & userspace emulator and virtualizer

diff options

author	Fam Zheng <famz@redhat.com>	2015-03-16 17:03:37 +0800
committer	Paolo Bonzini <pbonzini@redhat.com>	2015-04-27 18:24:18 +0200
commit	e95205e1f9cd2c4262b7a7b1c992a94512c86d0e (patch)
tree	1c03e53eeb46e2d7c15b9c15a1f1c9414e254e6e /qemu-options.hx
parent	33b6c2edf6214f02b9beaea61b169506c01f90aa (diff)

dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel

If DMA's owning thread cancels the IO while the bounce buffer's owning thread is notifying the "cpu client list", a use-after-free happens: continue_after_map_failure dma_aio_cancel ------------------------------------------------------------------ aio_bh_new qemu_bh_delete qemu_bh_schedule (use after free) Also, the old code doesn't run the bh in the right AioContext. Fix both problems by passing a QEMUBH to cpu_register_map_client. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com> [Remove unnecessary forward declaration. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'qemu-options.hx')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: