qemu/hw
Wei Wang ae440bd14c virtio-balloon: fix a use-after-free case
The elem could theoretically contain both outbuf and inbufs. We move the
free operation to the end of this function to avoid using elem->in_sg
while elem has been freed.

Fixes: c13c4153f7
("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Dr. David Alan Gilbert <dgilbert@redhat.com>
CC: Juan Quintela <quintela@redhat.com>
CC: Peter Xu <peterx@redhat.com>
Message-Id: <1552383280-4122-1-git-send-email-wei.w.wang@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-03-12 21:22:31 -04:00
9pfs virtio: express virtio dependencies with Kconfig 2019-03-07 21:45:53 +01:00
acpi Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
adc kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
alpha - qtest fixes 2019-03-08 16:31:34 +00:00
arm audio: introduce -audiodev 2019-03-12 16:45:13 +00:00
audio audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
block pflash_cfi01: Add pflash_cfi01_get_blk() helper 2019-03-11 22:53:44 +01:00
bt kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
char spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
core Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
cpu kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
cris cris-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
display audio: introduce -audiodev 2019-03-12 16:45:13 +00:00
dma isa: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
gpio i2c: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
hppa - qtest fixes 2019-03-08 16:31:34 +00:00
hyperv hyperv: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
i2c PPC: E500: Add FSL I2C controller and integrate RTC with it 2019-03-12 14:33:04 +11:00
i386 Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
ide isa: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
input audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
intc spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
ipack build: convert pci.mak to Kconfig 2019-03-07 21:45:53 +01:00
ipmi ipmi: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
isa isa: express SuperIO dependencies with Kconfig 2019-03-07 21:45:53 +01:00
lm32 pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
m68k m68k-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
mem ppc64: Express dependencies of 'pseries' and 'powernv' machines with kconfig 2019-03-07 21:45:53 +01:00
microblaze pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
mips pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
misc sparc-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
moxie moxie-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
net spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
nios2 nios2-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
nvram fw_cfg and thunk code clean up 2019-03-12 12:29:53 +00:00
openrisc or1k-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
pci build: convert pci.mak to Kconfig 2019-03-07 21:45:53 +01:00
pci-bridge i386-softmmu.mak: remove all CONFIG_* except boards definitions 2019-03-07 21:45:53 +01:00
pci-host ppc: Express dependencies of the Mac machines with kconfig 2019-03-07 21:46:19 +01:00
pcmcia kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
ppc Pflash and firmware configuration patches for 2019-03-11 2019-03-12 11:12:36 +00:00
rdma hw/rdma: modify struct initialization 2019-01-19 11:01:33 +02:00
riscv riscv/Kconfig: enable PCI_DEVICES 2019-03-11 16:33:49 +01:00
s390x s390x: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
scsi spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
sd sd: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
sh4 pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
smbios kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
sparc sparc-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
sparc64 sparc64-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
ssi ssi: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
timer i386-softmmu.mak: remove all CONFIG_* except boards definitions 2019-03-07 21:45:53 +01:00
tpm tpm: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
tricore - qtest fixes 2019-03-08 16:31:34 +00:00
unicore32 unicore32-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
usb audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
vfio VFIO updates 2019-03-11 2019-03-12 13:37:29 +00:00
virtio virtio-balloon: fix a use-after-free case 2019-03-12 21:22:31 -04:00
watchdog ptimer: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
xen xen: fix xen-bus state model to allow frontend re-connection 2019-02-04 11:04:49 +00:00
xenpv xen: Replace few mentions of xend by libxl 2019-01-14 13:45:40 +00:00
xtensa hw: Use PFLASH_CFI0{1,2} and TYPE_PFLASH_CFI0{1,2} 2019-03-11 22:53:44 +01:00
Kconfig ptimer: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
Makefile.objs i2c: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00