Re: [PATCH 1/2] virtio_pci: double free and invalid memory access of device vqs

From: "Michael S. Tsirkin" <mst@redhat.com>
Date: 2015-01-04 11:12:51
Also in: lkml

On Fri, Jan 02, 2015 at 02:47:39PM -0500, Sasha Levin wrote:

Device VQs were getting freed twice: once in every devices removal functions,
and then again in virtio_pci_legacy_remove().

Signed-off-by: Sasha Levin <redacted>

I see.  This used to be harmless because it used to be idempotent,
and safe to call any number of times.

I think your patch is right for 3.20:

Acked-by: Michael S. Tsirkin <mst@redhat.com>

but for 3.19 I'd prefer a more conservative approach of making
del_vqs idempotent again.

I'll post a patch like this shortly.

quoted hunk ↗ jump to hunk

---
 drivers/virtio/virtio_pci_legacy.c |    1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c
index 6c76f0f..913ca23 100644
--- a/drivers/virtio/virtio_pci_legacy.c
+++ b/drivers/virtio/virtio_pci_legacy.c

@@ -298,7 +298,6 @@ void virtio_pci_legacy_remove(struct pci_dev *pci_dev)
 
 	unregister_virtio_device(&vp_dev->vdev);
 
-	vp_del_vqs(&vp_dev->vdev);
 	pci_iounmap(pci_dev, vp_dev->ioaddr);
 	pci_release_regions(pci_dev);
 	pci_disable_device(pci_dev);

-- 
1.7.10.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help