From a90d5a54cce33c557f88cc92141b2ffee189d4c4 Mon Sep 17 00:00:00 2001
From: "Anand H. Krishnan"
Date: Mon, 28 Mar 2016 11:02:03 +0530
Subject: [PATCH] Unregister the net device notifier before vhost exit
Unregister the net device notifier before going ahead and freeing the memory that the vhost driver keeps. If the notifier is not unregistered first, it can potentially access freed memory that vhost driver maintains.
Change-Id: I2a51af25f591f0646876cc6f289df0eb03fc3655
Closes-BUG: #1561589
---
 linux/vhost_dev.c | 6 ++++--
 linux/vr_host_interface.c | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/linux/vhost_dev.c b/linux/vhost_dev.c
index 8be7ea910..0ea798cd0 100644
--- a/linux/vhost_dev.c
+++ b/linux/vhost_dev.c
@@ -494,7 +494,7 @@ vhost_dellink(struct net_device *dev, struct list_head *head)
 vp = netdev_priv(dev);
 if (vp) {
- if (vp->vp_db_index >= 0)
+ if (vhost_priv_db && vp->vp_db_index >= 0)
 vhost_priv_db[vp->vp_db_index] = NULL;
 vp->vp_db_index = -1;
@@ -566,8 +566,10 @@ void vhost_exit(void)
 {
 vhost_netlink_exit();
- if (vhost_priv_db)
+ if (vhost_priv_db) {
 kfree(vhost_priv_db);
+ vhost_priv_db = NULL;
+ }
 return;
 }
diff --git a/linux/vr_host_interface.c b/linux/vr_host_interface.c
index cacc47d3b..16f77f2c1 100644
--- a/linux/vr_host_interface.c
+++ b/linux/vr_host_interface.c
@@ -2339,8 +2339,8 @@ vr_host_vif_init(struct vrouter *router)
 void vr_host_interface_exit(void)
 {
- vhost_exit();
 unregister_netdevice_notifier(&host_if_nb);
+ vhost_exit();
 linux_pkt_dev_free();
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,39))
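Review bot: The added `vhost_priv_db &&` test in vhost_dellink() and the store on the next line are two separate reads of a global that the vhost_exit() hunk frees and only afterwards clears, so the guard protects the write only if both paths are serialized. No lock is visible in either hunk; if both are expected to run under RTNL, a comment such as `/* vhost_priv_db is freed only with RTNL held, which dellink callers also hold */` should state that, and if they are not, the test can pass and the write can still land in freed memory. The index is checked only with `>= 0`; an upper bound against the table size would be worth adding, though the size is not visible here. vhost_dellink's body starts and ends outside the hunk.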
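Review bot: The `if (vhost_priv_db) { ... }` wrapper added in vhost_exit() is not needed, because kfree() accepts NULL; `kfree(vhost_priv_db);` followed by `vhost_priv_db = NULL;` is shorter and makes the reset unconditional. The trailing `return;` in a void function can be dropped as well. A one-line comment on the NULL store, e.g. `/* vhost_dellink() tests this pointer before touching the table */`, would tell the next reader why the reset matters.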
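Review bot: The order of the two calls at the top of vr_host_interface_exit() now matters for memory safety, but nothing in the code says so, which makes it easy to swap them back in a later cleanup. I would add a comment above the unregister call, e.g. `/* stop netdevice notifier callbacks before vhost_exit() frees the vhost state they read */`. Whether `linux_pkt_dev_free()` and the teardown under the `#if` depend in the same way on the notifier being gone is not visible here and is worth checking. The function body continues past the end of the hunk.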