summaryrefslogtreecommitdiffstats
path: root/drivers/net
diff options
context:
space:
mode:
authorDavid Vrabel <david.vrabel@citrix.com>2016-01-15 15:55:36 +0100
committerDavid S. Miller <davem@davemloft.net>2016-01-15 21:13:19 +0100
commit9c6f3ffe8200327d1cf2aad2ff2b414adaacbe96 (patch)
tree8240a079a4eb513a9d71565a3051526d71329dda /drivers/net
parentxen-netback: delete NAPI instance when queue fails to initialize (diff)
downloadlinux-9c6f3ffe8200327d1cf2aad2ff2b414adaacbe96.tar.xz
linux-9c6f3ffe8200327d1cf2aad2ff2b414adaacbe96.zip
xen-netback: free queues after freeing the net device
If a queue still has a NAPI instance added to the net device, freeing the queues early results in a use-after-free. The shouldn't ever happen because we disconnect and tear down all queues before freeing the net device, but doing this makes it obviously safe. Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net')
-rw-r--r--drivers/net/xen-netback/interface.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index 3bba6ceee132..f5231a2dd2ac 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -685,22 +685,16 @@ void xenvif_deinit_queue(struct xenvif_queue *queue)
void xenvif_free(struct xenvif *vif)
{
- struct xenvif_queue *queue = NULL;
+ struct xenvif_queue *queues = vif->queues;
unsigned int num_queues = vif->num_queues;
unsigned int queue_index;
unregister_netdev(vif->dev);
-
- for (queue_index = 0; queue_index < num_queues; ++queue_index) {
- queue = &vif->queues[queue_index];
- xenvif_deinit_queue(queue);
- }
-
- vfree(vif->queues);
- vif->queues = NULL;
- vif->num_queues = 0;
-
free_netdev(vif->dev);
+ for (queue_index = 0; queue_index < num_queues; ++queue_index)
+ xenvif_deinit_queue(&queues[queue_index]);
+ vfree(queues);
+
module_put(THIS_MODULE);
}