|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.16] vpci/msix: remove from table list on detach
commit 8f3f8f20de5cea704671d4ca83f2dceb93ab98d8
Author: Roger Pau Monné <roger.pau@xxxxxxxxxx>
AuthorDate: Mon Oct 31 13:25:40 2022 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Oct 31 13:25:40 2022 +0100
vpci/msix: remove from table list on detach
Teardown of MSIX vPCI related data doesn't currently remove the MSIX
device data from the list of MSIX tables handled by the domain,
leading to a use-after-free of the data in the msix structure.
Remove the structure from the list before freeing in order to solve
it.
Reported-by: Jan Beulich <jbeulich@xxxxxxxx>
Fixes: d6281be9d0 ('vpci/msix: add MSI-X handlers')
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
master commit: c14aea137eab29eb9c30bfad745a00c65ad21066
master date: 2022-10-26 14:56:58 +0200
---
xen/drivers/vpci/vpci.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 53d78d5391..b9339f8f3e 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -51,8 +51,12 @@ void vpci_remove_device(struct pci_dev *pdev)
xfree(r);
}
spin_unlock(&pdev->vpci->lock);
- if ( pdev->vpci->msix && pdev->vpci->msix->pba )
- iounmap(pdev->vpci->msix->pba);
+ if ( pdev->vpci->msix )
+ {
+ list_del(&pdev->vpci->msix->next);
+ if ( pdev->vpci->msix->pba )
+ iounmap(pdev->vpci->msix->pba);
+ }
xfree(pdev->vpci->msix);
xfree(pdev->vpci->msi);
xfree(pdev->vpci);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |