
[PATCH for-4.17 v2 2/5] vpci/msix: remove from table list on detach


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Tue, 25 Oct 2022 16:44:15 +0200
  • Cc: Henry.Wang@xxxxxxx, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • Delivery-date: Tue, 25 Oct 2022 14:44:58 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Teardown of MSIX vPCI related data doesn't currently remove the MSIX
device data from the list of MSIX tables handled by the domain,
leading to a use-after-free of the data in the msix structure.

Remove the structure from the list before freeing in order to solve
it.

Reported-by: Jan Beulich <jbeulich@xxxxxxxx>
Fixes: d6281be9d0 ('vpci/msix: add MSI-X handlers')
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/drivers/vpci/vpci.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 647f7af679..98198dc2c9 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -51,8 +51,12 @@ void vpci_remove_device(struct pci_dev *pdev)
         xfree(r);
     }
     spin_unlock(&pdev->vpci->lock);
-    if ( pdev->vpci->msix && pdev->vpci->msix->pba )
-        iounmap(pdev->vpci->msix->pba);
+    if ( pdev->vpci->msix )
+    {
+        list_del(&pdev->vpci->msix->next);
+        if ( pdev->vpci->msix->pba )
+            iounmap(pdev->vpci->msix->pba);
+    }
     xfree(pdev->vpci->msix);
     xfree(pdev->vpci->msi);
     xfree(pdev->vpci);
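Review bot: the new list_del(&pdev->vpci->msix->next) runs after spin_unlock(&pdev->vpci->lock), so nothing visible in this hunk serializes the unlink against whatever walks the domain's list of MSIX tables; a walker that has already reached this entry can still dereference it when xfree(pdev->vpci->msix) runs right after the new block. Please state in the commit message, or in a comment above the list_del, which lock or calling context rules out a concurrent walker, or perform the unlink under the lock that protects the list. The unlink is also unconditional whenever msix is non-NULL, so it is worth confirming that every path that allocates msix also links it into the list before vpci_remove_device() can be reached; otherwise list_del operates on a node that was never initialised.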
-- 
2.37.3




 

