Commit 02465555 authored by Michael S. Tsirkin's avatar Michael S. Tsirkin Committed by Rusty Russell

virtio_net: fix use after free on allocation failure

In the extremely unlikely event that driver initialization fails after
RX buffers are added, virtio net frees RX buffers while VQs are
still active, potentially causing device to use a freed buffer.

To fix, reset device first - same as we do on device removal.
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: default avatarCornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
parent 64b4cc39
...@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev) ...@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
return 0; return 0;
free_recv_bufs: free_recv_bufs:
vi->vdev->config->reset(vdev);
free_receive_bufs(vi); free_receive_bufs(vi);
unregister_netdev(dev); unregister_netdev(dev);
free_vqs: free_vqs:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment