Commit 024655555021e971203c519770609509e0af4468

Authored by Michael S. Tsirkin
Committed by Rusty Russell
1 parent 64b4cc3911

virtio_net: fix use after free on allocation failure

In the extremely unlikely event that driver initialization fails after
RX buffers are added, virtio net frees RX buffers while VQs are
still active, potentially causing device to use a freed buffer.

To fix, reset device first - same as we do on device removal.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Showing 1 changed file with 2 additions and 0 deletions

drivers/net/virtio_net.c
... ... @@ -1830,6 +1830,8 @@
1830 1830 return 0;
1831 1831  
1832 1832 free_recv_bufs:
  1833 + vi->vdev->config->reset(vdev);
  1834 +
1833 1835 free_receive_bufs(vi);
1834 1836 unregister_netdev(dev);
1835 1837 free_vqs:
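
Review bot: the added call under free_recv_bufs reaches the config ops through vi->vdev but passes the local vdev as the argument; if both name the same device, write vdev->config->reset(vdev); so the two cannot drift apart and a reader does not have to verify they match. A short comment above the call saying the device must be reset before free_receive_bufs(vi) because the VQs are still active would keep the ordering from being rearranged later. Error paths that jump directly to free_vqs skip the reset, so it is worth confirming that none of them can be taken after RX buffers have been added.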