Re: [PATCH 16/16] virtio_net: fix use after free on allocation failure

From: Cornelia Huck
Date: Mon Oct 06 2014 - 10:17:42 EST

Next message: Tomas Melin: "[PATCH] [media] rc-core: fix protocol_change regression in ir_raw_event_register"
Previous message: Andrea Arcangeli: "Re: [PATCH 04/17] mm: gup: make get_user_pages_fast and __get_user_pages_fast latency conscious"
In reply to: Michael S. Tsirkin: "[PATCH 16/16] virtio_net: fix use after free on allocation failure"
Next in thread: Michael S. Tsirkin: "[PATCH 11/16] virtio_net: minor cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 5 Oct 2014 19:07:38 +0300
"Michael S. Tsirkin" <mst@xxxxxxxxxx> wrote:

> In the extremely unlikely event that driver initialization fails after
> RX buffers are added, virtio net frees RX buffers while VQs are
> still active, potentially causing device to use a freed buffer.
>
> To fix, reset device first - same as we do on device removal.
>
> Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> ---
> drivers/net/virtio_net.c | 2 ++
> 1 file changed, 2 insertions(+)

Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tomas Melin: "[PATCH] [media] rc-core: fix protocol_change regression in ir_raw_event_register"
Previous message: Andrea Arcangeli: "Re: [PATCH 04/17] mm: gup: make get_user_pages_fast and __get_user_pages_fast latency conscious"
In reply to: Michael S. Tsirkin: "[PATCH 16/16] virtio_net: fix use after free on allocation failure"
Next in thread: Michael S. Tsirkin: "[PATCH 11/16] virtio_net: minor cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]