Kevin Wolf 315a1309de coroutine: Fix use after free with qemu_coroutine_yield()
Instead of using the same function for entering and exiting coroutines,
and hoping that it doesn't add any functionality that hurts with the
parameters used for exiting, we can just directly call into the real
task switch in qemu_coroutine_switch().

This fixes a use-after-free scenario where reentering a coroutine that
has yielded still accesses the old parent coroutine (which may have
meanwhile terminated) in the part of coroutine_swap() that follows
qemu_coroutine_switch().

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-09 11:11:59 +01:00
audio audio: Don't free hw resources until after hw backend is stopped 2014-12-22 23:12:25 +00:00
backends Drop superfluous conditionals around g_strdup() 2014-12-10 11:30:55 +03:00
block - more config options 2015-03-03 12:07:47 +00:00
bsd-user bsd-user/elfload.c: Don't use ldl() or ldq_raw() 2015-01-20 15:19:33 +00:00
default-configs Give ivshmem its own config option 2015-02-27 15:17:46 +01:00
disas disas/sh4: Fix warning caused by missing 'static' attribute 2015-02-10 10:26:05 +03:00
docs docs: add memory-hotplug.txt 2015-03-04 13:00:36 -05:00
dtc@bc895d6d09 dtc: add submodule 2013-04-18 13:50:53 +02:00
fpu softfloat: expand out STATUS macro 2015-02-06 16:11:38 +00:00
fsdev virtfs-proxy-helper: Fix possible socket leak. 2015-02-10 09:27:20 +03:00
gdb-xml s390x/gdb: add the feature xml files for s390x 2014-09-01 09:45:19 +02:00
hw Xtensa updates: 2015-03-08 14:32:38 +00:00
include Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2015-03-08 12:47:13 +00:00
libcacard libcacard: stop linking against every single 3rd party library 2015-02-10 09:27:20 +03:00
libdecnumber libdecnumber: Fix warnings from smatch (missing static, boolean operations) 2014-08-24 13:21:06 +04:00
linux-headers vfio-pci: Enable device request notification support 2015-03-02 11:38:55 -07:00
linux-user Revert "Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging" 2015-03-03 00:29:17 +00:00
migration unbreak dtrace tracing due to double _ in rdma names 2015-03-02 15:37:34 -06:00
net QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use 2015-02-26 14:49:31 +01:00
pc-bios seabios: update to 1.8.0 release 2015-02-19 09:33:03 +01:00
pixman@87eea99e44 pixman: update internal copy to pixman-0.32.6 2014-09-15 08:14:19 +02:00
po po: fix conflict with %.mo rule in rules.mak 2014-09-26 13:35:08 +02:00
qapi block: add event when disk usage exceeds threshold 2015-02-06 17:24:21 +01:00
qga qemu-ga-win: Fail loudly on bare 'set-time' 2015-02-17 16:21:50 -06:00
qobject qjson: Drop trailing space for pretty formatting 2014-12-10 10:25:30 +01:00
qom error: Use error_report_err() where appropriate 2015-02-18 10:51:09 +01:00
roms seabios: update to 1.8.0 release 2015-02-19 09:33:03 +01:00
scripts -----BEGIN PGP SIGNATURE----- 2015-03-04 15:33:05 +00:00
slirp slirp: udp: fix NULL pointer dereference because of uninitialized socket 2014-09-23 19:15:05 +01:00
stubs pc-dimm: add a function to calculate VM's current RAM size 2015-03-04 13:00:04 -05:00
sysconfigs/target Eliminate cpus-x86_64.conf file 2012-09-21 15:12:58 +02:00
target-alpha tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-arm Convert to linked list. 2015-02-13 11:44:50 +00:00
target-cris tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-i386 Revert "Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging" 2015-03-03 00:29:17 +00:00
target-lm32 tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-m68k tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-microblaze tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-mips target-mips: pass 0 instead of -1 as rs in microMIPS LUI instruction 2015-02-13 14:11:29 +00:00
target-moxie tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-openrisc tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-ppc tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-s390x s390x/helper: Remove s390_cpu_physical_memory_map 2015-02-18 09:37:15 +01:00
target-sh4 tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-sparc error: Use error_report_err() where appropriate 2015-02-18 10:51:09 +01:00
target-tricore target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode 2015-03-03 01:06:00 +00:00
target-unicore32 tcg: Introduce tcg_op_buf_count and tcg_op_buf_full 2015-02-12 21:21:38 -08:00
target-xtensa target-xtensa: implement do_unassigned_access callback 2015-03-07 15:27:54 +03:00
tcg tcg: Remove unused opcodes 2015-02-12 21:21:38 -08:00
tests Revert "Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging" 2015-03-03 00:29:17 +00:00
trace trace: [hmp] Reimplement "trace-event" and "info trace-events" using QMP 2014-09-26 09:34:38 +01:00
ui hmp: Normalize HMP command handler names 2015-02-25 13:14:37 +00:00
util misc spice/qxl fixes. 2015-03-08 09:47:55 +00:00
.exrc qemu: add .exrc 2012-09-07 09:02:44 +03:00
.gitignore .gitignore: Ignore generated "common.env" 2015-01-13 13:43:28 +00:00
.gitmodules PPC: Add u-boot firmware for e500 2014-06-16 13:24:35 +02:00
.mailmap Update mailmap 2013-09-05 09:40:31 -05:00
.travis.yml .travis.yml: Add "--enable-modules" 2015-01-26 12:27:05 +01:00
accel.c accel: Create accel object when initializing machine 2014-10-09 15:36:14 +02:00
aio-posix.c block: Use g_new0() for a bit of extra type checking 2014-12-10 10:31:21 +01:00
aio-win32.c block: Use g_new0() for a bit of extra type checking 2014-12-10 10:31:21 +01:00
arch_init.c Clean up around error_get_pretty(), qerror_report_err() 2015-02-26 07:01:08 +00:00
async.c block: replace g_new0 with g_new for bottom half allocation. 2015-01-13 11:47:56 +00:00
balloon.c balloon: Fix typo 2015-02-23 10:56:09 -05:00
block.c qemu-img: Suppress unhelpful extra errors in convert, amend 2015-02-26 14:51:21 +01:00
blockdev-nbd.c nbd: Change external interface to BlockBackend 2014-12-10 10:31:12 +01:00
blockdev.c block: Simplify setting numeric options 2015-02-26 14:51:46 +01:00
blockjob.c block: declare blockjobs and dataplane friends! 2014-11-03 11:41:49 +00:00
bootdevice.c bootdevice: bug fixes 2015-03-08 06:43:32 +00:00
bt-host.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
bt-vhci.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
Changelog Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
CODING_STYLE CODING_STYLE: Section about conditional statement 2014-08-15 18:54:06 +04:00
configure block/dmg: support bzip2 block entry types 2015-02-06 17:24:21 +01:00
COPYING
COPYING.LIB
coroutine-gthread.c glib-compat.h: add new thread API emulation on top of pre-2.31 API 2014-06-10 07:44:01 +02:00
coroutine-sigaltstack.c coroutine-sigaltstack: Change jmp_buf to sigjmp_buf 2014-11-11 11:07:55 +03:00
coroutine-ucontext.c coroutine-ucontext: use __thread 2015-01-13 13:43:28 +00:00
coroutine-win32.c coroutine-win32.c: Add noinline attribute to work around gcc bug 2014-06-26 14:08:14 +01:00
cpu-exec.c - vhost-scsi: add bootindex property 2015-02-24 13:58:18 +00:00
cpus.c cpus: be more paranoid in avoiding deadlocks 2015-03-02 10:57:07 +01:00
cputlb.c exec: RCUify AddressSpaceDispatch 2015-02-16 17:30:19 +01:00
device_tree.c device-tree: fix memory leak 2015-01-07 16:16:26 +01:00
device-hotplug.c hmp: Name HMP command handler functions hmp_COMMAND() 2015-02-18 11:58:30 +01:00
disas.c monitor: QEMU Monitor Instruction Disassembly Incorrect for PowerPC LE Mode 2014-06-16 13:24:26 +02:00
dma-helpers.c hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
dump.c dump: Fix dump-guest-memory termination and use-after-close 2014-11-02 10:04:34 +03:00
exec.c Convert ram_list to RCU 2015-02-16 17:31:55 +01:00
gdbstub.c Add the "-semihosting-config" option. 2014-12-11 12:07:48 +00:00
HACKING HACKING: Document vaddr type usage 2013-07-23 02:41:31 +02:00
hmp-commands.hx hmp: Name HMP command handler functions hmp_COMMAND() 2015-02-18 11:58:30 +01:00
hmp.c hmp: info spice: take out webdav 2015-03-04 14:47:52 +01:00
hmp.h hmp: Name HMP command handler functions hmp_COMMAND() 2015-02-18 11:58:30 +01:00
iohandler.c iohandler.c: Properly initialize sigaction struct 2014-05-24 00:07:29 +04:00
ioport.c memory: convert memory_region_destroy to object_unparent 2014-08-18 12:06:20 +02:00
iothread.c async: aio_context_new(): Handle event_notifier_init failure 2014-09-22 11:39:48 +01:00
kvm-all.c kvm: g_malloc() can't fail, bury dead error handling 2015-02-10 09:27:20 +03:00
kvm-stub.c pc: kvm: check if KVM has free memory slots to avoid abort() 2014-11-23 12:11:29 +02:00
LICENSE vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00
main-loop.c Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously" 2014-10-27 15:05:09 +00:00
MAINTAINERS -----BEGIN PGP SIGNATURE----- 2015-02-06 14:35:52 +00:00
Makefile Makefile: don't silence mak file test with V=1 2015-02-27 19:42:45 +01:00
Makefile.objs QJSON: Add JSON writer 2015-02-05 17:16:14 +01:00
Makefile.target Makefile.target: binary depends on config-devices 2015-02-27 19:42:45 +01:00
memory_mapping.c Add skip_dump flag to ignore memory region during dump 2014-10-31 11:29:01 +01:00
memory.c memory: keep the owner of the AddressSpace alive until do_address_space_destroy 2015-02-11 21:48:44 +01:00
module-common.c module: implement module loading 2014-02-20 13:14:18 +01:00
monitor.c NUMA fixes queue 2015-03-02 12:13:45 +00:00
nbd.c nbd: Drop BDS backpointer 2015-02-16 14:36:03 +00:00
numa.c NUMA fixes queue 2015-03-02 12:13:45 +00:00
os-posix.c os-posix: reorder parent notification for -daemonize 2014-11-02 10:04:34 +03:00
os-win32.c pidfile: stop making pidfile error a special case 2014-11-02 10:04:34 +03:00
page_cache.c xbzrle: rebuild the cache_is_cached function 2015-01-15 17:49:43 +05:30
qapi-schema.json input: misc fixes. 2015-01-22 17:41:59 +00:00
qdev-monitor.c QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use 2015-02-26 14:49:31 +01:00
qdict-test-data.txt
qemu-bridge-helper.c qemu-bridge-helper: Fix fd leak in main() 2014-06-27 10:39:10 +02:00
qemu-char.c qemu-img: Suppress unhelpful extra errors in convert, amend 2015-02-26 14:51:21 +01:00
qemu-coroutine-io.c qemu-coroutine-io: fix for Win32 2014-08-29 10:46:58 +01:00
qemu-coroutine-lock.c coroutine: remove qemu_co_queue_wait_insert_head 2013-12-02 17:11:49 +01:00
qemu-coroutine-sleep.c coroutine: Drop co_sleep_ns 2014-08-29 10:46:58 +01:00
qemu-coroutine.c coroutine: Fix use after free with qemu_coroutine_yield() 2015-03-09 11:11:59 +01:00
qemu-doc.texi block: vhdx - change .vhdx_create default block state to ZERO 2014-12-12 15:42:49 +00:00
qemu-img-cmds.hx qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-img.c qemu-img: Suppress unhelpful extra errors in convert, amend 2015-02-26 14:51:21 +01:00
qemu-img.texi qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-io-cmds.c qemu-io: Use BlockBackend 2015-02-16 15:07:19 +00:00
qemu-io.c Clean up around error_get_pretty(), qerror_report_err() 2015-02-26 07:01:08 +00:00
qemu-log.c qemu-log: Correct help text of 'log cpu_reset' 2015-02-10 09:27:20 +03:00
qemu-nbd.c Clean up around error_get_pretty(), qerror_report_err() 2015-02-26 07:01:08 +00:00
qemu-nbd.texi nbd: Miscellaneous typo fixes. 2014-05-24 00:07:29 +04:00
qemu-options-wrapper.h vl.c: In qemu -h output, only print options for the arch we are running as 2011-12-19 10:27:33 -06:00
qemu-options.h
qemu-options.hx qemu-options.hx: improve -m description 2015-03-04 13:00:04 -05:00
qemu-seccomp.c seccomp: add mlockall to whitelist 2015-01-23 14:07:08 +01:00
qemu-tech.texi qemu-tech.texi: update implemented xtensa features list 2012-11-29 13:00:52 -06:00
qemu-timer.c qemu-timer.c: Trim list of included headers 2015-01-26 18:15:54 +00:00
qemu.nsi nsis: Improved support for parallel installation of 32 and 64 bit code 2013-11-07 07:02:44 +01:00
qemu.sasl sasl: Avoid 'Could not find keytab file' in syslog 2014-03-15 13:54:18 +04:00
qjson.c QJSON: fix typo in author's email address 2015-02-10 09:27:20 +03:00
qmp-commands.hx block: add event when disk usage exceeds threshold 2015-02-06 17:24:21 +01:00
qmp.c vnc: auto assian an id when calling change vnc qmp interface 2015-02-16 08:47:59 +01:00
qtest.c qtest: Use qemu_opt_set() instead of qemu_opts_parse() 2015-02-26 14:52:13 +01:00
README Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
rules.mak rules.mak: Fix module build 2015-01-14 10:38:57 +01:00
savevm.c hmp: Normalize HMP command handler names 2015-02-25 13:14:37 +00:00
softmmu_template.h exec: make iotlb RCU-friendly 2015-02-16 17:30:19 +01:00
spice-qemu-char.c spice: Add missing 'static' attribute 2015-02-10 10:26:05 +03:00
tcg-runtime.c tcg: Push tcg-runtime routines into exec/helper-* 2014-05-28 09:33:54 -07:00
tci.c tcg: Remove unused opcodes 2015-02-12 21:21:38 -08:00
thread-pool.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
thunk.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
tpm.c tpm: Avoid qerror_report_err() outside QMP command handlers 2015-02-18 10:51:37 +01:00
trace-events Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging 2015-03-08 12:47:13 +00:00
translate-all.c translate-all: Use g_try_malloc() for dynamic translator buffer 2015-02-10 09:27:21 +03:00
translate-all.h translate-all: Change tb_check_watchpoint() argument to CPUState 2014-03-13 19:20:48 +01:00
user-exec.c softmmu: introduce cpu_ldst.h 2014-06-05 16:10:33 +02:00
VERSION Open 2.3 development tree 2014-12-09 21:48:34 +00:00
version.rc Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
vl.c bootdevice: bug fixes 2015-03-08 06:43:32 +00:00
xen-common-stub.c accel: Move Xen registration code to xen-common.c 2014-10-04 08:59:15 +02:00
xen-common.c accel: Pass MachineState object to accel init functions 2014-10-09 12:57:10 +02:00
xen-hvm-stub.c xen-hvm: Fix xen_hvm_init() to adjust pc memory layout 2014-06-23 17:50:04 +03:00
xen-hvm.c Xen: Use the ioreq-server API when available 2015-01-20 14:24:10 +00:00
xen-mapcache.c xen: add a lock for the mapcache 2015-01-20 14:24:17 +00:00

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team