qemu/hw/virtio
Wei Wang ae440bd14c virtio-balloon: fix a use-after-free case
The elem could theoretically contain both outbuf and inbufs. We move the
free operation to the end of this function to avoid using elem->in_sg
while elem has been freed.

Fixes: c13c4153f7 ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Dr. David Alan Gilbert <dgilbert@redhat.com>
CC: Juan Quintela <quintela@redhat.com>
CC: Peter Xu <peterx@redhat.com>
Message-Id: <1552383280-4122-1-git-send-email-wei.w.wang@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-03-12 21:22:31 -04:00
Kconfig s390x: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
Makefile.objs virtio: express virtio dependencies with Kconfig 2019-03-07 21:45:53 +01:00
trace-events vhost: add trace for IOTLB miss 2018-05-23 03:14:41 +03:00
vhost-backend.c vhost-net: revamp configure logic 2019-02-21 12:28:01 -05:00
vhost-scsi-pci.c virtio: split vhost scsi bits from virtio-pci 2019-01-17 21:10:57 -05:00
vhost-stub.c vhost-user: introduce shared vhost-user state 2018-05-24 21:14:11 +03:00
vhost-user-blk-pci.c virtio: split vhost user blk bits from virtio-pci 2019-01-17 21:10:57 -05:00
vhost-user-scsi-pci.c virtio: split vhost user scsi bits from virtio-pci 2019-01-17 21:10:57 -05:00
vhost-user.c vhost: restrict Linux dependency to kernel vhost 2019-02-21 12:28:01 -05:00
vhost-vsock-pci.c virtio: split vhost vsock bits from virtio-pci 2019-01-17 21:10:57 -05:00
vhost-vsock.c hw: use "qemu/osdep.h" as first #include in source files 2017-12-18 17:07:02 +03:00
vhost.c vhost: restrict Linux dependency to kernel vhost 2019-02-21 12:28:01 -05:00
virtio-9p-pci.c virtio: split virtio 9p bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-balloon-pci.c virtio: split virtio balloon bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-balloon.c virtio-balloon: fix a use-after-free case 2019-03-12 21:22:31 -04:00
virtio-blk-pci.c virtio: split virtio blk bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-bus.c virtio: remove event notifier cleanup call on de-assign 2018-02-08 21:06:26 +02:00
virtio-crypto-pci.c virtio: split virtio crypto bits from virtio-pci.h 2019-01-17 21:10:57 -05:00
virtio-crypto.c cryptodev: add vhost support 2018-03-01 18:26:17 +02:00
virtio-input-host-pci.c virtio: split virtio input host bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-input-pci.c virtio: split virtio input bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-mmio.c virtio-mmio: switch to linux headers 2017-01-18 22:59:53 +02:00
virtio-net-pci.c virtio: split virtio net bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-pci.c virtio: add class_size to VirtioPCIDeviceTypeInfo 2019-03-11 08:04:12 +01:00
virtio-pci.h virtio: add class_size to VirtioPCIDeviceTypeInfo 2019-03-11 08:04:12 +01:00
virtio-rng-pci.c virtio: split virtio rng bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-rng.c qom: make user_creatable_complete() specific to UserCreatable 2018-12-11 15:45:22 -02:00
virtio-scsi-pci.c virtio: split virtio scsi bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio-serial-pci.c virtio: split virtio serial bits from virtio-pci 2019-01-17 21:10:57 -05:00
virtio.c virtio-net: make VirtIOFeature usable for other virtio devices 2019-02-22 09:42:16 +00:00