QEMU-Nyx-fork

Go to file

Fam Zheng e95205e1f9 dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel

If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:

     continue_after_map_failure               dma_aio_cancel
     ------------------------------------------------------------------
     aio_bh_new
                                              qemu_bh_delete
     qemu_bh_schedule (use after free)

Also, the old code doesn't run the bh in the right AioContext.

Fix both problems by passing a QEMUBH to cpu_register_map_client.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2015-04-27 18:24:18 +02:00

audio

audio: Don't free hw resources until after hw backend is stopped

2014-12-22 23:12:25 +00:00

backends

hostmem: Prevent removing an in-use memory backend

2015-04-01 10:06:38 +02:00

block

block/iscsi: handle zero events from iscsi_which_events

2015-04-09 10:31:45 +01:00

bsd-user

linux-user, bsd-user: Remove two calls to cpu_exec_init_all

2015-04-27 18:24:17 +02:00

default-configs

hw/usb: Include USB files only if necessary

2015-03-18 11:50:47 +01:00

disas

cris: remove unused cris_cond15 declarations

2015-03-19 11:11:55 +03:00

docs

fw_cfg: add documentation file (docs/specs/fw_cfg.txt)

2015-04-14 13:21:08 +02:00

dtc @ bc895d6d09

dtc: add submodule

2013-04-18 13:50:53 +02:00

fpu

softfloat: expand out STATUS macro

2015-02-06 16:11:38 +00:00

fsdev

Fix typos in comments

2015-03-19 11:30:37 +03:00

gdb-xml

s390x/gdb: add the feature xml files for s390x

2014-09-01 09:45:19 +02:00

vhost: fix log base address

2015-04-20 09:27:01 +01:00

include

dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel

2015-04-27 18:24:18 +02:00

libcacard

libcacard: stop linking against every single 3rd party library

2015-02-10 09:27:20 +03:00

libdecnumber

libdecnumber: Fix warnings from smatch (missing static, boolean operations)

2014-08-24 13:21:06 +04:00

linux-headers

synchronize Linux headers to 4.0-rc3

2015-03-10 09:26:22 +01:00

linux-user

linux-user, bsd-user: Remove two calls to cpu_exec_init_all

2015-04-27 18:24:17 +02:00

migration

rdma: Fix cleanup in error paths

2015-03-26 15:31:46 +01:00

net

net: synchronize net_host_device_remove with host_net_remove_completion

2015-03-12 19:59:39 +00:00

pc-bios

pseries: Update SLOF firmware image to qemu-slof-20150313

2015-03-25 22:49:45 +01:00

pixman @ 87eea99e44

pixman: update internal copy to pixman-0.32.6

2014-09-15 08:14:19 +02:00

po: fix conflict with %.mo rule in rules.mak

2014-09-26 13:35:08 +02:00

qapi

block: Document blockdev-add's immaturity

2015-03-27 10:01:12 +00:00

qga

qga: fitering out -fstack-protector-strong

2015-04-02 15:57:27 +02:00

qobject

qjson: Drop trailing space for pretty formatting

2014-12-10 10:25:30 +01:00

qom

qom: Add can_be_deleted callback to UserCreatableClass

2015-04-01 10:06:38 +02:00

roms

pseries: Update SLOF firmware image to qemu-slof-20150313

2015-03-25 22:49:45 +01:00

scripts

build: pass .d file name to scripts/make_device_config.sh, fix makefile target

2015-03-18 12:07:25 +01:00

slirp

slirp: udp: fix NULL pointer dereference because of uninitialized socket

2014-09-23 19:15:05 +01:00

stubs

pci, pc, virtio fixes and cleanups

2015-03-09 09:14:28 +00:00

sysconfigs/target

Eliminate cpus-x86_64.conf file

2012-09-21 15:12:58 +02:00

target-alpha

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-arm

target-arm: kvm64 fix save/restore of SPSR regs

2015-04-01 17:57:30 +01:00

target-cris

cris: remove unused cris_cond15 declarations

2015-03-19 11:11:55 +03:00

target-i386

target-i386: remove superfluous TARGET_HAS_SMC macro

2015-04-04 09:45:59 +03:00

target-lm32

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-m68k

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-microblaze

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-mips

trivial patches for 2015-03-19

2015-03-19 14:10:20 +00:00

target-moxie

target-moxie: Fix warnings from Sparse (one-bit signed bitfield)

2015-03-19 11:11:55 +03:00

target-openrisc

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-ppc

target-ppc: don't invalidate msr MSR_HVB bit in cpu_post_load

2015-04-17 11:44:01 +01:00

target-s390x

Final batch of s390x enhancements/fixes for 2.3:

2015-03-16 11:44:55 +00:00

target-sh4

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-sparc

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-tricore

target-tricore: Fix check which was always false

2015-04-04 09:45:59 +03:00

target-unicore32

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

target-xtensa

tcg: Change translator-side labels to a pointer

2015-03-13 12:28:18 -07:00

tcg

tcg/tcg-op.c: Fix ld/st of 64 bit values on 32-bit bigendian hosts

2015-04-09 10:51:10 +01:00

tests

qcow2: Fix header update with overridden backing file

2015-04-08 10:29:20 +01:00

trace

Remove superfluous '\n' around error_report()

2015-03-10 08:15:33 +03:00

CVE-2015-1779: limit size of HTTP headers from websockets clients

2015-04-01 17:12:55 +02:00

util

util/qemu-config: fix regression of qmp_query_command_line_options

2015-04-02 15:57:27 +02:00

.exrc

qemu: add .exrc

2012-09-07 09:02:44 +03:00

.gitignore

gitignore: Ignore more .pod files.

2015-04-04 09:45:59 +03:00

.gitmodules

PPC: Add u-boot firmware for e500

2014-06-16 13:24:35 +02:00

.mailmap

Update mailmap

2013-09-05 09:40:31 -05:00

.travis.yml

.travis.yml: Add "--enable-modules"

2015-01-26 12:27:05 +01:00

accel.c

accel: Create accel object when initializing machine

2014-10-09 15:36:14 +02:00

aio-posix.c

block: Use g_new0() for a bit of extra type checking

2014-12-10 10:31:21 +01:00

aio-win32.c

block: Use g_new0() for a bit of extra type checking

2014-12-10 10:31:21 +01:00

arch_init.c

migration: remove last_sent_block from save_page_header

2015-03-26 15:31:46 +01:00

async.c

aio: strengthen memory barriers for bottom half scheduling

2015-04-09 10:29:29 +01:00

balloon.c

balloon: Fix typo

2015-02-23 10:56:09 -05:00

block.c

block: Fix unaligned zero write

2015-03-27 10:01:12 +00:00

blockdev-nbd.c

nbd: Fix up comment after commit e140177

2015-03-25 13:38:07 +01:00

blockdev.c

block: Fix blockdev-backup not to use funky error class

2015-03-19 16:02:59 +01:00

blockjob.c

block: declare blockjobs and dataplane friends!

2014-11-03 11:41:49 +00:00

bootdevice.c

misc: fix typos in copyright declaration

2015-03-26 14:21:43 +01:00

bt-host.c

sysemu: avoid proliferation of include/ subdirectories

2013-04-15 18:19:25 +02:00

bt-vhci.c

sysemu: avoid proliferation of include/ subdirectories

2013-04-15 18:19:25 +02:00

Changelog

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

CODING_STYLE

CODING_STYLE: Section about conditional statement

2014-08-15 18:54:06 +04:00

configure

Revert seccomp tests that allow it to be used on non-x86 architectures

2015-04-13 12:28:48 +01:00

COPYING

COPYING: update from FSF

2008-10-12 17:54:42 +00:00

COPYING.LIB

Update FSF address in GPL/LGPL boilerplate

2009-01-04 22:05:52 +00:00

coroutine-gthread.c

glib-compat.h: add new thread API emulation on top of pre-2.31 API

2014-06-10 07:44:01 +02:00

coroutine-sigaltstack.c

coroutine-sigaltstack: Change jmp_buf to sigjmp_buf

2014-11-11 11:07:55 +03:00

coroutine-ucontext.c

coroutine-ucontext: use __thread

2015-01-13 13:43:28 +00:00

coroutine-win32.c

coroutine-win32.c: Add noinline attribute to work around gcc bug

2014-06-26 14:08:14 +01:00

cpu-exec.c

- vhost-scsi: add bootindex property

2015-02-24 13:58:18 +00:00

cpus.c

cpus: Don't kick un-realized cpus.

2015-03-25 13:38:07 +01:00

cputlb.c

exec: RCUify AddressSpaceDispatch

2015-02-16 17:30:19 +01:00

device_tree.c

machine: query phandle-start machine property

2015-03-11 18:17:11 +01:00

device-hotplug.c

pci-hotplug-old: Has been dead for five major releases, bury

2015-03-01 12:37:54 +01:00

disas.c

monitor: QEMU Monitor Instruction Disassembly Incorrect for PowerPC LE Mode

2014-06-16 13:24:26 +02:00

dma-helpers.c

dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel

2015-04-27 18:24:18 +02:00

dump.c

dump: Fix dump-guest-memory termination and use-after-close

2014-11-02 10:04:34 +03:00

exec.c

dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel

2015-04-27 18:24:18 +02:00

gdbstub.c

gdbstub: avoid possible NULL pointer dereference

2015-03-10 08:15:34 +03:00

HACKING

HACKING: Document vaddr type usage

2013-07-23 02:41:31 +02:00

hmp-commands.hx

hmp: Fix texinfo documentation

2015-03-19 11:35:52 +03:00

hmp.c

hmp: fix crash in 'info block -n -v'

2015-04-17 14:27:42 +01:00

hmp.h

qom: Implement qom-set HMP command

2015-03-17 14:31:15 +01:00

iohandler.c

iohandler.c: Properly initialize sigaction struct

2014-05-24 00:07:29 +04:00

ioport.c

memory: convert memory_region_destroy to object_unparent

2014-08-18 12:06:20 +02:00

iothread.c

async: aio_context_new(): Handle event_notifier_init failure

2014-09-22 11:39:48 +01:00

kvm-all.c

kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap

2015-04-02 15:58:37 +02:00

kvm-stub.c

pc: kvm: check if KVM has free memory slots to avoid abort()

2014-11-23 12:11:29 +02:00

LICENSE

vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio

2014-12-19 15:24:06 -07:00

main-loop.c

Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously"

2014-10-27 15:05:09 +00:00

MAINTAINERS

misc fixes and cleanups

2015-03-12 09:13:07 +00:00

Makefile

Use $(MAKE) for recursive make

2015-04-02 15:58:39 +02:00

Makefile.objs

QJSON: Add JSON writer

2015-02-05 17:16:14 +01:00

Makefile.target

Makefile.target: binary depends on config-devices

2015-03-01 19:41:50 +01:00

memory_mapping.c

Add skip_dump flag to ignore memory region during dump

2014-10-31 11:29:01 +01:00

memory.c

memory: Move owner-less MemoryRegions to /machine/unattached

2015-03-17 14:31:26 +01:00

module-common.c

module: implement module loading

2014-02-20 13:14:18 +01:00

monitor.c

usb: bugfix collection.

2015-03-20 09:50:08 +00:00

nbd.c

nbd: Drop unexpected data for NBD_OPT_LIST

2015-03-18 12:07:16 +01:00

numa.c

numa: Print warning if no node is assigned to a CPU

2015-03-19 16:20:15 -03:00

os-posix.c

rcu: do not create thread in pthread_atfork callback

2015-04-01 10:06:38 +02:00

os-win32.c

pidfile: stop making pidfile error a special case

2014-11-02 10:04:34 +03:00

page_cache.c

xbzrle: rebuild the cache_is_cached function

2015-01-15 17:49:43 +05:30

qapi-schema.json

migration: Convert 'status' of MigrationInfo to use an enum type

2015-03-17 15:20:37 +01:00

qdev-monitor.c

qom: Implement info qom-tree HMP command

2015-03-17 14:31:21 +01:00

qdict-test-data.txt

Introduce QDict test data file

2009-09-04 09:37:34 -05:00

qemu-bridge-helper.c

qemu-bridge-helper: Fix fd leak in main()

2014-06-27 10:39:10 +02:00

qemu-char.c

qemu-img: Suppress unhelpful extra errors in convert, amend

2015-02-26 14:51:21 +01:00

qemu-coroutine-io.c

coroutine-io: Return -errno in case of error

2015-03-18 12:07:21 +01:00

qemu-coroutine-lock.c

coroutine: remove qemu_co_queue_wait_insert_head

2013-12-02 17:11:49 +01:00

qemu-coroutine-sleep.c

coroutine: Drop co_sleep_ns

2014-08-29 10:46:58 +01:00

qemu-coroutine.c

coroutine: Clean up qemu_coroutine_enter()

2015-03-09 11:11:59 +01:00

qemu-doc.texi

raw-posix: Deprecate host floppy passthrough

2015-03-19 11:43:02 +01:00

qemu-img-cmds.hx

qemu-img: Add progress output for amend

2014-11-03 11:41:48 +00:00

qemu-img.c

qemu-img: Avoid qerror_report_err() outside QMP handlers, again

2015-03-16 17:07:25 +01:00

qemu-img.texi

qemu-img: Add progress output for amend

2014-11-03 11:41:48 +00:00

qemu-io-cmds.c

qemu-io: Use BlockBackend

2015-02-16 15:07:19 +00:00

qemu-io.c

Clean up around error_get_pretty(), qerror_report_err()

2015-02-26 07:01:08 +00:00

qemu-log.c

qemu-log: Correct help text of 'log cpu_reset'

2015-02-10 09:27:20 +03:00

qemu-nbd.c

nbd: Set block size to BDRV_SECTOR_SIZE

2015-03-18 12:07:01 +01:00

qemu-nbd.texi

nbd: Miscellaneous typo fixes.

2014-05-24 00:07:29 +04:00

qemu-options-wrapper.h

vl.c: In qemu -h output, only print options for the arch we are running as

2011-12-19 10:27:33 -06:00

qemu-options.h

vl.c: Move option generation logic into a wrapper file

2011-12-19 10:27:33 -06:00

qemu-options.hx

Block patches for 2.3.0-rc1

2015-03-19 17:47:08 +00:00

qemu-seccomp.c

seccomp: add mlockall to whitelist

2015-01-23 14:07:08 +01:00

qemu-tech.texi

qemu-tech.texi: update implemented xtensa features list

2012-11-29 13:00:52 -06:00

qemu-timer.c

qemu-timer.c: Trim list of included headers

2015-01-26 18:15:54 +00:00

qemu.nsi

nsis: Improved support for parallel installation of 32 and 64 bit code

2013-11-07 07:02:44 +01:00

qemu.sasl

sasl: Avoid 'Could not find keytab file' in syslog

2014-03-15 13:54:18 +04:00

qjson.c

QJSON: fix typo in author's email address

2015-02-10 09:27:20 +03:00

qmp-commands.hx

block: Document blockdev-add's immaturity

2015-03-27 10:01:12 +00:00

qmp.c

qom: Add can_be_deleted callback to UserCreatableClass

2015-04-01 10:06:38 +02:00

qtest.c

qtest: Use qemu_opt_set() instead of qemu_opts_parse()

2015-02-26 14:52:13 +01:00

README

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

rules.mak

rules.mak: Fix module build

2015-01-14 10:38:57 +01:00

savevm.c

error: Replace error_report() & error_free() with error_report_err()

2015-03-19 11:11:55 +03:00

softmmu_template.h

exec: make iotlb RCU-friendly

2015-02-16 17:30:19 +01:00

spice-qemu-char.c

spice: Add missing 'static' attribute

2015-02-10 10:26:05 +03:00

tcg-runtime.c

tcg: Push tcg-runtime routines into exec/helper-*

2014-05-28 09:33:54 -07:00

tci.c

tcg: Remove unused opcodes

2015-02-12 21:21:38 -08:00

thread-pool.c

block: Rename BlockDriverCompletionFunc to BlockCompletionFunc

2014-10-20 13:41:27 +02:00

thunk.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

tpm.c

tpm: Remove superfluous '\n' around error_report()

2015-03-10 08:15:33 +03:00

trace-events

s390x/kvm: trace all SIGP orders

2015-03-10 09:26:22 +01:00

translate-all.c

translate-all: use glib for all page descriptor allocations

2015-04-27 18:24:17 +02:00

translate-all.h

translate-all: Change tb_check_watchpoint() argument to CPUState

2014-03-13 19:20:48 +01:00

user-exec.c

user-exec.c: fix build on NetBSD/sparc64 and NetBSD/arm

2015-03-13 15:57:00 +00:00

VERSION

Open 2.4 development tree

2015-04-25 22:05:07 +01:00

version.rc

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

vl.c

Avoid crashing on multiple -incoming

2015-03-26 15:31:46 +01:00

xen-common-stub.c

accel: Move Xen registration code to xen-common.c

2014-10-04 08:59:15 +02:00

xen-common.c

accel: Pass MachineState object to accel init functions

2014-10-09 12:57:10 +02:00

xen-hvm-stub.c

xen: Remove xen_cmos_set_s3_resume()

2015-03-10 08:15:33 +03:00

xen-hvm.c

Xen: Use the ioreq-server API when available

2015-01-20 14:24:10 +00:00

xen-mapcache.c

xen: add a lock for the mapcache

2015-01-20 14:24:17 +00:00

README

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team