[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1412608214-31944-16-git-send-email-mst@redhat.com>
Date: Mon, 6 Oct 2014 18:11:35 +0300
From: "Michael S. Tsirkin" <mst@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: kvm@...r.kernel.org, Rusty Russell <rusty@...tcorp.com.au>,
virtualization@...ts.linux-foundation.org,
Cornelia Huck <cornelia.huck@...ibm.com>,
netdev@...r.kernel.org
Subject: [PATCH v2 15/15] virtio_net: fix use after free on allocation failure
In the extremely unlikely event that driver initialization fails after
RX buffers are added, virtio net frees RX buffers while VQs are
still active, potentially causing device to use a freed buffer.
To fix, reset device first - same as we do on device removal.
Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@...ibm.com>
---
drivers/net/virtio_net.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 430f3ae..3551417 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
return 0;
free_recv_bufs:
+ vi->vdev->config->reset(vdev);
+
free_receive_bufs(vi);
unregister_netdev(dev);
free_vqs:
--
MST
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists