Re: [PATCH 16/16] virtio_net: fix use after free on allocation failure

[Cornelia Huck]

On Sun, 5 Oct 2014 19:07:38 +0300
Michael S. Tsirkin m...@redhat.com wrote:

 In the extremely unlikely event that driver initialization fails after
 RX buffers are added, virtio net frees RX buffers while VQs are
 still active, potentially causing device to use a freed buffer.
 
 To fix, reset device first - same as we do on device removal.
 
 Signed-off-by: Michael S. Tsirkin m...@redhat.com
 ---
  drivers/net/virtio_net.c | 2 ++
  1 file changed, 2 insertions(+)

Reviewed-by: Cornelia Huck cornelia.h...@de.ibm.com

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

[PATCH 16/16] virtio_net: fix use after free on allocation failure

[Michael S. Tsirkin]

In the extremely unlikely event that driver initialization fails after
RX buffers are added, virtio net frees RX buffers while VQs are
still active, potentially causing device to use a freed buffer.

To fix, reset device first - same as we do on device removal.

Signed-off-by: Michael S. Tsirkin m...@redhat.com
---
 drivers/net/virtio_net.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 7afc990..85e6098 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
return 0;
 
 free_recv_bufs:
+   vi-vdev-config-reset(vdev);
+
free_receive_bufs(vi);
unregister_netdev(dev);
 free_vqs:
-- 
MST

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization