mirror of
https://github.com/Motorhead1991/qemu.git
synced 2026-02-26 22:25:12 -07:00
On guest graceful shutdown, virtiofsd receives a VHOST_USER_GET_VRING_BASE request from the VMM and shuts down the virtqueues by calling fv_set_started(), which joins the fv_queue_thread() threads. So when virtio_loop() returns, there should be no thread still accessing data in the fuse session and/or virtio dev.

But on abnormal exit, e.g. the guest got killed for whatever reason, the vhost-user socket is closed and virtio_loop() breaks out of the main loop and returns to main(). It's possible that fv_queue_worker()s are still working and accessing the fuse session and virtio dev, which results in a crash or use-after-free.

Fix it by stopping the fv_queue_thread()s before virtio_loop() returns, to make sure there's no one who could access the fuse session and virtio dev.

Reported-by: Qingming Su <qingming.su@linux.alibaba.com>
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Files in this directory:

- 50-qemu-virtiofsd.json.in
- buffer.c
- fuse.h
- fuse_common.h
- fuse_i.h
- fuse_log.c
- fuse_log.h
- fuse_lowlevel.c
- fuse_lowlevel.h
- fuse_misc.h
- fuse_opt.c
- fuse_opt.h
- fuse_signals.c
- fuse_virtio.c
- fuse_virtio.h
- helper.c
- Makefile.objs
- passthrough_helpers.h
- passthrough_ll.c
- seccomp.c
- seccomp.h