virtio_net: fix use after free on allocation failure

In the extremely unlikely event that driver initialization fails after RX buffers are added, virtio net frees RX buffers while VQs are still active, potentially causing device to use a freed buffer. To fix, reset device first - same as we do on device removal. Signed-off-by: N Michael S. Tsirkin <mst@redhat.com> Reviewed-by: N Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: N Rusty Russell <rusty@rustcorp.com.au>

virtio_net: fix use after free on allocation failure
In the extremely unlikely event that driver initialization fails after RX buffers are added, virtio net frees RX buffers while VQs are still active, potentially causing device to use a freed buffer. To fix, reset device first - same as we do on device removal. Signed-off-by: N Michael S. Tsirkin <mst@redhat.com> Reviewed-by: N Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: N Rusty Russell <rusty@rustcorp.com.au>
02465555 · Michael S. Tsirkin · Rusty Russell · 64b4cc39 · 02465555
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

drivers/net/virtio_net.c drivers/net/virtio_net.c +2 -0

未找到文件。
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
 	return 0;
 free_recv_bufs:
+	vi->vdev->config->reset(vdev);
 	free_receive_bufs(vi);
 	unregister_netdev(dev);
 free_vqs: