On 07/14/2016 06:15 AM, Stefan Hajnoczi wrote:
> On Wed, Jun 22, 2016 at 09:51:00AM -0600, Eric Blake wrote:
>> @@ -2204,14 +2203,15 @@ BlockAIOCB *bdrv_aio_discard(BlockDriverState *bs,
>> {
>> Coroutine *co;
>> BlockAIOCBCoroutine *acb;
>> + QEMUIOVector qiov = { .size = nb_sectors << BDRV_SECTOR_BITS, };
>>
>> trace_bdrv_aio_discard(bs, sector_num, nb_sectors, opaque);
>>
>> acb = qemu_aio_get(&bdrv_em_co_aiocb_info, bs, cb, opaque);
>> acb->need_bh = true;
>> acb->req.error = -EINPROGRESS;
>> - acb->req.sector = sector_num;
>> - acb->req.nb_sectors = nb_sectors;
>> + acb->req.offset = sector_num << BDRV_SECTOR_BITS;
>> + acb->req.qiov = &qiov;
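Review bot: `acb->req.qiov = &qiov;` stores the address of a stack local (`QEMUIOVector qiov` declared at the top of this hunk) in `acb`, which is heap-allocated by `qemu_aio_get()` and, given `acb->req.error = -EINPROGRESS`, is clearly meant to outlive the function; once `bdrv_aio_discard()` returns, the coroutine that consumes `acb->req` reads a dangling pointer. Since the initializer sets only `.size` (no entries), the vector carries nothing but a byte count anyway, so the minimal fix is to drop the local and store the size directly in the request, e.g. `acb->req.size = nb_sectors << BDRV_SECTOR_BITS;`, rather than embedding a full `QEMUIOVector` in the acb.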
>
> This looks unsafe: the pointer to a stack-allocated qiov is held after
> the function returns.

Hmm, you're right. I'll definitely have to rework this one. But since the ONLY thing being passed through the qiov was the size, it may be easiest to just add acb->req.size.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org