|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] vpci/msix: remove from table list on detach
commit c14aea137eab29eb9c30bfad745a00c65ad21066
Author: Roger Pau Monné <roger.pau@xxxxxxxxxx>
AuthorDate: Wed Oct 26 14:56:58 2022 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Oct 26 14:56:58 2022 +0200
vpci/msix: remove from table list on detach
Teardown of MSIX vPCI related data doesn't currently remove the MSIX
device data from the list of MSIX tables handled by the domain,
leading to a use-after-free of the data in the msix structure.
Remove the structure from the list before freeing in order to solve
it.
Reported-by: Jan Beulich <jbeulich@xxxxxxxx>
Fixes: d6281be9d0 ('vpci/msix: add MSI-X handlers')
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Release-acked-by: Henry Wang <Henry.Wang@xxxxxxx>
---
xen/drivers/vpci/vpci.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 647f7af679..98198dc2c9 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -51,8 +51,12 @@ void vpci_remove_device(struct pci_dev *pdev)
xfree(r);
}
spin_unlock(&pdev->vpci->lock);
- if ( pdev->vpci->msix && pdev->vpci->msix->pba )
- iounmap(pdev->vpci->msix->pba);
+ if ( pdev->vpci->msix )
+ {
+ list_del(&pdev->vpci->msix->next);
+ if ( pdev->vpci->msix->pba )
+ iounmap(pdev->vpci->msix->pba);
+ }
xfree(pdev->vpci->msix);
xfree(pdev->vpci->msi);
xfree(pdev->vpci);
--
generated by git-patchbot for /home/xen/git/xen.git#staging
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |