UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers/vhost
History
Dan Carpenter bf04132cd6 vhost-vdpa: fix use after free in vhost_vdpa_probe() 
[ Upstream commit e07754e0a1ea2d63fb29574253d1fd7405607343 ]

The put_device() calls vhost_vdpa_release_dev() which calls
ida_simple_remove() and frees "v".  So this call to
ida_simple_remove() is a use after free and a double free.

Fixes: ebe6a354fa ("vhost-vdpa: Call ida_simple_remove() when failed")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-Id: <cf53cb61-0699-4e36-a980-94fd4268ff00@moroto.mountain>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-11-28 17:19:49 +00:00
..
Kconfig vhost_task: Allow vhost layer to use copy_process 2023-03-23 12:45:36 +01:00
Makefile vhost: introduce vDPA-based backend 2020-04-02 10:41:40 -04:00
iotlb.c vhost_iotlb: split out IOTLB initialization 2022-05-31 12:44:28 -04:00
net.c vhost: convert poll work to be vq based 2023-07-03 12:15:13 -04:00
scsi.c vhost-scsi: Rename vhost_scsi_iov_to_sgl 2023-08-10 15:24:28 -04:00
test.c vhost-test: remove meaningless debug info 2023-02-20 19:26:58 -05:00
test.h tools/virtio: Add --reset 2020-06-22 12:34:21 -04:00
vdpa.c vhost-vdpa: fix use after free in vhost_vdpa_probe() 2023-11-28 17:19:49 +00:00
vhost.c vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE 2023-10-18 11:29:56 -04:00
vhost.h vhost: Make parameter name match of vhost_get_vq_desc() 2023-07-03 12:15:15 -04:00
vringh.c vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() 2023-10-04 08:26:48 +01:00
vsock.c vhost_sock: convert to vhost_vq_work_queue 2023-07-03 12:15:13 -04:00