Message ID | 3c8905c75dbc9973eb9f0dd0823a0989ee2e12d1.1311755243.git.amit.shah@redhat.com |
---|---|
State | New |
On Wed, Jul 27, 2011 at 02:00:31PM +0530, Amit Shah wrote: > virtio_cleanup() will remove the VirtIONet struct that gets allocated > via virtio_common_init(). Ensure we don't dereference the structure > after calling the cleanup function. > > Signed-off-by: Amit Shah <amit.shah@redhat.com> I see. It's not a use after free but will be once you make virtio_cleanup free the vdev? > --- > hw/virtio-net.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/hw/virtio-net.c b/hw/virtio-net.c > index a32cc01..3f10391 100644 > --- a/hw/virtio-net.c > +++ b/hw/virtio-net.c > @@ -1073,6 +1073,6 @@ void virtio_net_exit(VirtIODevice *vdev) > qemu_bh_delete(n->tx_bh); > } > > - virtio_cleanup(&n->vdev); > qemu_del_vlan_client(&n->nic->nc); > + virtio_cleanup(&n->vdev); > } > -- > 1.7.6
On (Wed) 27 Jul 2011 [11:43:44], Michael S. Tsirkin wrote:
> On Wed, Jul 27, 2011 at 02:00:31PM +0530, Amit Shah wrote:
> > virtio_cleanup() will remove the VirtIONet struct that gets allocated
> > via virtio_common_init(). Ensure we don't dereference the structure
> > after calling the cleanup function.
> >
> > Signed-off-by: Amit Shah <amit.shah@redhat.com>
>
> I see. It's not a use after free but will be once
> you make virtio_cleanup free the vdev?

Yes, the next patch.

Amit
diff --git a/hw/virtio-net.c b/hw/virtio-net.c index a32cc01..3f10391 100644 --- a/hw/virtio-net.c +++ b/hw/virtio-net.c @@ -1073,6 +1073,6 @@ void virtio_net_exit(VirtIODevice *vdev) qemu_bh_delete(n->tx_bh); } - virtio_cleanup(&n->vdev); qemu_del_vlan_client(&n->nic->nc); + virtio_cleanup(&n->vdev); }
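Review bot: the ordering at the end of virtio_net_exit() is now a hard requirement but nothing in the code says so. Once virtio_cleanup(&n->vdev) frees the structure (the follow-up patch, per the thread), any statement placed after it that reads n, as qemu_del_vlan_client(&n->nic->nc) did before this change, becomes a use-after-free. Suggest a one-line comment above the virtio_cleanup() call stating that it must stay last because n is not valid afterwards, and a sentence in the commit message noting that the free itself arrives in the next patch, so the reorder is understandable on its own during bisection.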
virtio_cleanup() will remove the VirtIONet struct that gets allocated
via virtio_common_init(). Ensure we don't dereference the structure
after calling the cleanup function.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
 hw/virtio-net.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)