| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Mar 2016 09:43:09 -0700 From: Haiyang Zhang <haiyangz@...rosoft.com> To: davem@...emloft.net, netdev@...r.kernel.org Cc: haiyangz@...rosoft.com, kys@...rosoft.com, olaf@...fle.de, vkuznets@...hat.com, linux-kernel@...r.kernel.org, driverdev-devel@...uxdriverproject.org Subject: [PATCH net-next,1/2] hv_netvsc: Fix accessing freed memory in netvsc_change_mtu() struct netvsc_device is freed in rndis_filter_device_remove(). So we save the nvdev->num_chn into a temp variable for later usage. (Please also include this patch into stable branch.) Signed-off-by: Haiyang Zhang <haiyangz@...rosoft.com> Reviewed-by: K. Y. Srinivasan <kys@...rosoft.com> --- drivers/net/hyperv/netvsc_drv.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 0860849..b8121eb 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -858,6 +858,7 @@ static int netvsc_change_mtu(struct net_device *ndev, int mtu) struct netvsc_device *nvdev = hv_get_drvdata(hdev); struct netvsc_device_info device_info; int limit = ETH_DATA_LEN; + u32 num_chn; int ret = 0; if (nvdev == NULL || nvdev->destroy) @@ -873,6 +874,8 @@ static int netvsc_change_mtu(struct net_device *ndev, int mtu) if (ret) goto out; + num_chn = nvdev->num_chn; + nvdev->start_remove = true; rndis_filter_device_remove(hdev); @@ -883,7 +886,7 @@ static int netvsc_change_mtu(struct net_device *ndev, int mtu) memset(&device_info, 0, sizeof(device_info)); device_info.ring_size = ring_size; - device_info.num_chn = nvdev->num_chn; + device_info.num_chn = num_chn; device_info.max_num_vrss_chns = max_num_vrss_chns; rndis_filter_device_add(hdev, &device_info); -- 1.7.4.1
Powered by blists - more mailing lists