superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/vhost
History
Dan Carpenter c0f8b8fb7d vhost-vdpa: fix use after free in vhost_vdpa_probe() 
[ Upstream commit e07754e0a1 ]

The put_device() calls vhost_vdpa_release_dev() which calls
ida_simple_remove() and frees "v".  So this call to
ida_simple_remove() is a use after free and a double free.

Fixes: ebe6a354fa ("vhost-vdpa: Call ida_simple_remove() when failed")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-Id: <cf53cb61-0699-4e36-a980-94fd4268ff00@moroto.mountain>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-11-28 17:07:04 +00:00
..
Kconfig
Makefile
iotlb.c
net.c vhost_net: revert upend_idx only on retriable error 2023-06-28 11:12:40 +02:00
scsi.c
test.c
test.h
vdpa.c vhost-vdpa: fix use after free in vhost_vdpa_probe() 2023-11-28 17:07:04 +00:00
vhost.c vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE 2023-11-02 09:35:23 +01:00
vhost.h vhost: support PACKED when setting-getting vring_base 2023-06-14 11:15:33 +02:00
vringh.c vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() 2023-10-10 22:00:38 +02:00
vsock.c virtio/vsock: replace virtio_vsock_pkt with sk_buff 2023-11-20 11:52:17 +01:00