From: Michael S. Tsirkin <mst@redhat.com>
Date: Tue, 14 Oct 2014 23:52:31 +0000 (+1030)
Subject: virtio_net: fix use after free on allocation failure
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=024655555021e971203c519770609509e0af4468;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

virtio_net: fix use after free on allocation failure

In the extremely unlikely event that driver initialization fails after
RX buffers are added, virtio net frees RX buffers while VQs are
still active, potentially causing device to use a freed buffer.

To fix, reset device first - same as we do on device removal.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index aba7b93286b3..53031e58a5fc 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1830,6 +1830,8 @@ static int virtnet_probe(struct virtio_device *vdev)
 	return 0;
 
 free_recv_bufs:
+	vi->vdev->config->reset(vdev);
+
 	free_receive_bufs(vi);
 	unregister_netdev(dev);
 free_vqs: