From 781df457cb0222cdffee7de38c41938e72b430bd Mon Sep 17 00:00:00 2001 From: "Anand H. Krishnan" Date: Mon, 28 Mar 2016 11:02:03 +0530 Subject: [PATCH] Unregister the net device notifier before vhost exit Unregister the net device notifier before going ahead and freeing the memory that the vhost driver keeps. If the notifier is not unregistered first, it can potentially access freed memory that vhost driver maintains. Change-Id: I2a51af25f591f0646876cc6f289df0eb03fc3655 Closes-BUG: #1561589 --- linux/vhost_dev.c | 6 ++++-- linux/vr_host_interface.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/linux/vhost_dev.c b/linux/vhost_dev.c index 8be7ea910..0ea798cd0 100644 --- a/linux/vhost_dev.c +++ b/linux/vhost_dev.c @@ -494,7 +494,7 @@ vhost_dellink(struct net_device *dev, struct list_head *head) vp = netdev_priv(dev); if (vp) { - if (vp->vp_db_index >= 0) + if (vhost_priv_db && vp->vp_db_index >= 0) vhost_priv_db[vp->vp_db_index] = NULL; vp->vp_db_index = -1; @@ -566,8 +566,10 @@ void vhost_exit(void) { vhost_netlink_exit(); - if (vhost_priv_db) + if (vhost_priv_db) { kfree(vhost_priv_db); + vhost_priv_db = NULL; + } return; } diff --git a/linux/vr_host_interface.c b/linux/vr_host_interface.c index 9f99565c3..da3d995b3 100644 --- a/linux/vr_host_interface.c +++ b/linux/vr_host_interface.c @@ -2334,8 +2334,8 @@ vr_host_vif_init(struct vrouter *router) void vr_host_interface_exit(void) { - vhost_exit(); unregister_netdevice_notifier(&host_if_nb); + vhost_exit(); linux_pkt_dev_free(); #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,39))