aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/virtio_net.c
diff options
context:
space:
mode:
authorMichael S. Tsirkin <mst@redhat.com>2014-10-14 19:52:31 -0400
committerRusty Russell <rusty@rustcorp.com.au>2014-10-14 19:55:05 -0400
commit024655555021e971203c519770609509e0af4468 (patch)
treee0bc0b54628ad7621c4a2fe79062e876615599f6 /drivers/net/virtio_net.c
parent64b4cc3911fe8284dfb3cfdb8065c100b818bab8 (diff)
virtio_net: fix use after free on allocation failure
In the extremely unlikely event that driver initialization fails after RX buffers are added, virtio net frees RX buffers while VQs are still active, potentially causing device to use a freed buffer. To fix, reset device first - same as we do on device removal. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'drivers/net/virtio_net.c')
-rw-r--r--drivers/net/virtio_net.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index aba7b93286b3..53031e58a5fc 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
1830 return 0; 1830 return 0;
1831 1831
1832free_recv_bufs: 1832free_recv_bufs:
1833 vi->vdev->config->reset(vdev);
1834
1833 free_receive_bufs(vi); 1835 free_receive_bufs(vi);
1834 unregister_netdev(dev); 1836 unregister_netdev(dev);
1835free_vqs: 1837free_vqs:
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-22 17:38:30 -0500