This series fixes use-after-free bugs when blk->root changes across aio_poll().
For example, a temporary filter node can be removed by a blockjob when a
drained section begins. If the caller doesn't hold a ref on the BDS then it
will have been freed.
Hanna Reitz (1):
iotests/stream-error-on-reset: New test
Stefan Hajnoczi (1):
block-backend: prevent dangling BDS pointers across aio_poll()
block/block-backend.c | 19 ++-
.../qemu-iotests/tests/stream-error-on-reset | 140 ++++++++++++++++++
.../tests/stream-error-on-reset.out | 5 +
3 files changed, 162 insertions(+), 2 deletions(-)
create mode 100755 tests/qemu-iotests/tests/stream-error-on-reset
create mode 100644 tests/qemu-iotests/tests/stream-error-on-reset.out
--
2.33.1