Re: [PATCH] Drivers: hv: vmbus: Use after free in __vmbus_open()

From: Wei Liu
Date: Fri Apr 16 2021 - 06:37:31 EST

Next message: Tero Kristo: "Re: [PATCH 0/4] dt-bindings: soc/arm: Convert pending ti,sci* bindings to json format"
Previous message: David Hildenbrand: "Re: [PATCH v8 4/8] mm,memory_hotplug: Allocate memmap from the added memory range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 13, 2021 at 05:42:21PM +0200, Andrea Parri wrote:
> On Tue, Apr 13, 2021 at 01:50:04PM +0300, Dan Carpenter wrote:
> > The "open_info" variable is added to the &vmbus_connection.chn_msg_list,
> > but the error handling frees "open_info" without removing it from the
> > list. This will result in a use after free. First remove it from the
> > list, and then free it.
> >
> > Fixes: 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues")
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> I had this 'queued' in my list,
>
> Reviewed-by: Andrea Parri <parri.andrea@xxxxxxxxx>

Applied. Thanks.

Next message: Tero Kristo: "Re: [PATCH 0/4] dt-bindings: soc/arm: Convert pending ti,sci* bindings to json format"
Previous message: David Hildenbrand: "Re: [PATCH v8 4/8] mm,memory_hotplug: Allocate memmap from the added memory range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]