Commit 9c6f3ffe authored by David Vrabel's avatar David Vrabel Committed by David S. Miller

xen-netback: free queues after freeing the net device

If a queue still has a NAPI instance added to the net device, freeing
the queues early results in a use-after-free.

The shouldn't ever happen because we disconnect and tear down all queues
before freeing the net device, but doing this makes it obviously safe.
Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4a658527
...@@ -685,22 +685,16 @@ void xenvif_deinit_queue(struct xenvif_queue *queue) ...@@ -685,22 +685,16 @@ void xenvif_deinit_queue(struct xenvif_queue *queue)
void xenvif_free(struct xenvif *vif) void xenvif_free(struct xenvif *vif)
{ {
struct xenvif_queue *queue = NULL; struct xenvif_queue *queues = vif->queues;
unsigned int num_queues = vif->num_queues; unsigned int num_queues = vif->num_queues;
unsigned int queue_index; unsigned int queue_index;
unregister_netdev(vif->dev); unregister_netdev(vif->dev);
for (queue_index = 0; queue_index < num_queues; ++queue_index) {
queue = &vif->queues[queue_index];
xenvif_deinit_queue(queue);
}
vfree(vif->queues);
vif->queues = NULL;
vif->num_queues = 0;
free_netdev(vif->dev); free_netdev(vif->dev);
for (queue_index = 0; queue_index < num_queues; ++queue_index)
xenvif_deinit_queue(&queues[queue_index]);
vfree(queues);
module_put(THIS_MODULE); module_put(THIS_MODULE);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment