Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
qemu-linux-user.7444
0201-9pfs-only-free-completed-request-if.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0201-9pfs-only-free-completed-request-if.patch of Package qemu-linux-user.7444
From 98fbb61b16ccea92c6b1d1508039e994c220ed1e Mon Sep 17 00:00:00 2001 From: Greg Kurz <groug@kaod.org> Date: Mon, 17 Oct 2016 14:13:58 +0200 Subject: [PATCH] 9pfs: only free completed request if not flushed If a PDU has a flush request pending, the current code calls pdu_free() twice: 1) pdu_complete()->pdu_free() with pdu->cancelled set, which does nothing 2) v9fs_flush()->pdu_free() with pdu->cancelled cleared, which moves the PDU back to the free list. This works but it complexifies the logic of pdu_free(). With this patch, pdu_complete() only calls pdu_free() if no flush request is pending, i.e. qemu_co_queue_next() returns false. Since pdu_free() is now supposed to be called with pdu->cancelled cleared, the check in pdu_free() is dropped and replaced by an assertion. Signed-off-by: Greg Kurz <groug@kaod.org> (cherry picked from commit f74e27bf0f07425aba6cb812aa7f5aa98bb68542) [BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602] Signed-off-by: Bruce Rogers <brogers@suse.com> --- hw/9pfs/9p.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 43fc44be8b..e59107d7ed 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -605,14 +605,10 @@ V9fsPDU *pdu_alloc(V9fsState *s) void pdu_free(V9fsPDU *pdu) { V9fsState *s = pdu->s; - /* - * Cancelled pdu are added back to the freelist - * by flush request . - */ - if (!pdu->cancelled) { - QLIST_REMOVE(pdu, next); - QLIST_INSERT_HEAD(&s->free_list, pdu, next); - } + + g_assert(!pdu->cancelled); + QLIST_REMOVE(pdu, next); + QLIST_INSERT_HEAD(&s->free_list, pdu, next); } /* @@ -657,9 +653,9 @@ static void pdu_complete(V9fsPDU *pdu, ssize_t len) pdu_push_and_notify(pdu); /* Now wakeup anybody waiting in flush for this request */ - qemu_co_queue_next(&pdu->complete); - - pdu_free(pdu); + if (!qemu_co_queue_next(&pdu->complete)) { + pdu_free(pdu); + } } static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor