Re: [PATCH net] vhost-net: fix use-after-free in vhost_net_flush

From: "Michael S. Tsirkin" Date: Thu, 20 Jun 2013 14:48:13 +0300 > vhost_net_ubuf_put_and_wait has a confusing name: > it will actually also free it's argument. > Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 Never reference commits only by SHA1 ID, it is never sufficient. Always p

Re: [PATCH net] vhost-net: fix use-after-free in vhost_net_flush

On Thu, Jun 20, 2013 at 02:48:13PM +0300, Michael S. Tsirkin wrote: > vhost_net_ubuf_put_and_wait has a confusing name: > it will actually also free it's argument. > Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 > vhost_net_flush tries to use the argument after passing it > to vhost_ne

Re: [PATCH net] vhost-net: fix use-after-free in vhost_net_flush

On 06/20/2013 07:48 PM, Michael S. Tsirkin wrote: > vhost_net_ubuf_put_and_wait has a confusing name: > it will actually also free it's argument. > Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 > vhost_net_flush tries to use the argument after passing it > to vhost_net_ubuf_put_and_wai

Re: [PATCH net] vhost-net: fix use-after-free in vhost_net_flush

Hello. On 20-06-2013 15:48, Michael S. Tsirkin wrote: vhost_net_ubuf_put_and_wait has a confusing name: it will actually also free it's argument. Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 Please also specify that commit's summary line in parens. vhost_net_flush tries to

[PATCH net] vhost-net: fix use-after-free in vhost_net_flush

vhost_net_ubuf_put_and_wait has a confusing name: it will actually also free it's argument. Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01 vhost_net_flush tries to use the argument after passing it to vhost_net_ubuf_put_and_wait, this results in use after free. To fix, don't free the ar