virtio_net: fix use after free on allocation failure

In the extremely unlikely event that driver initialization fails after RX buffers are added, virtio net frees RX buffers while VQs are still active, potentially causing device to use a freed buffer. To fix, reset device first - same as we do on device removal. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
author: Michael S. Tsirkin <mst@redhat.com> 2014-10-14 23:52:31 (GMT)
committer: Rusty Russell <rusty@rustcorp.com.au> 2014-10-14 23:55:05 (GMT)
commit: 024655555021e971203c519770609509e0af4468 (patch)
tree: e0bc0b54628ad7621c4a2fe79062e876615599f6 /drivers/net
parent: 64b4cc3911fe8284dfb3cfdb8065c100b818bab8 (diff)
download: linux-024655555021e971203c519770609509e0af4468.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index aba7b93..53031e5 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
 	return 0;
 
 free_recv_bufs:
+	vi->vdev->config->reset(vdev);
+
 	free_receive_bufs(vi);
 	unregister_netdev(dev);
 free_vqs:
author	Michael S. Tsirkin <mst@redhat.com>	2014-10-14 23:52:31 (GMT)
committer	Rusty Russell <rusty@rustcorp.com.au>	2014-10-14 23:55:05 (GMT)
commit	024655555021e971203c519770609509e0af4468 (patch)
tree	e0bc0b54628ad7621c4a2fe79062e876615599f6 /drivers/net
parent	64b4cc3911fe8284dfb3cfdb8065c100b818bab8 (diff)
download	linux-024655555021e971203c519770609509e0af4468.tar.xz