linux_dsm_epyc7002/drivers
Michael S. Tsirkin c38e39c378 vhost-net: fix use-after-free in vhost_net_flush
vhost_net_ubuf_put_and_wait has a confusing name:
it will actually also free it's argument.
Thus since commit 1280c27f8e
    "vhost-net: flush outstanding DMAs on memory change"
vhost_net_flush tries to use the argument after passing it
to vhost_net_ubuf_put_and_wait, this results
in use after free.
To fix, don't free the argument in vhost_net_ubuf_put_and_wait,
add an new API for callers that want to free ubufs.

Acked-by: Asias He <asias@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2013-07-07 14:06:22 +03:00
..
accessibility
acpi ACPI / dock / PCI: Synchronous handling of dock events for PCI devices 2013-06-24 11:22:53 +02:00
amba
ata libata-acpi: add back ACPI based hotplug functionality 2013-06-25 00:51:33 +02:00
atm
auxdisplay
base firmware loader: fix use-after-free by double abort 2013-06-18 10:41:55 -07:00
bcma bcma: add more core IDs 2013-05-17 14:31:05 -04:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-06-29 10:31:15 -07:00
bluetooth Bluetooth: btmrvl: fix thread stopping race 2013-06-13 13:05:40 -04:00
bus
cdrom block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
char random: fix accounting race condition with lockless irq entropy_count update 2013-05-24 16:22:52 -07:00
clk ARM: tegra30: clocks: Fix pciex clock registration 2013-06-16 11:25:45 -07:00
clocksource ARM: late Exynos multiplatform changes 2013-05-07 11:28:42 -07:00
connector
cpufreq cpufreq: fix NULL pointer deference at od_set_powersave_bias() 2013-06-25 22:42:37 +02:00
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-06-10 13:25:50 -07:00
dca
devfreq
dio
dma dmatest: do not allow to interrupt ongoing tests 2013-06-08 02:13:44 +05:30
edac amd64_edac: Fix bogus sysfs file permissions 2013-05-21 09:13:11 +02:00
eisa
extcon Removal of GENERIC_GPIO for v3.10 2013-05-09 09:59:16 -07:00
firewire IEEE 1394 (FireWire) subsystem changes: 2013-05-09 10:11:48 -07:00
firmware efivar: fix oops in efivar_update_sysfs_entries() caused by memory reuse 2013-05-13 20:20:02 +01:00
gpio gpio/omap: don't use linear domain mapping for OMAP1 2013-06-25 23:13:40 -07:00
gpu drm/qxl: add missing access check for execbuffer ioctl 2013-06-28 13:27:40 +10:00
hid HID: multitouch: prevent memleak with the allocated name 2013-06-12 11:13:38 +02:00
hsi
hv Drivers: hv: Fix a bug in get_vp_index() 2013-05-21 09:56:55 -07:00
hwmon hwmon: (adm1021) Strengthen chip detection for ADM1021, LM84 and MAX1617 2013-06-07 12:29:31 -07:00
hwspinlock A single patch from Vincent extending OMAP's hwspinlock support to OMAP5. 2013-05-07 14:01:27 -07:00
i2c Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-05-21 11:11:45 -07:00
ide block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
idle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2013-05-11 15:23:17 -07:00
iio iio:inkern: Fix typo/bug in convert raw to processed. 2013-06-04 18:46:45 +01:00
infiniband Merge branches 'iser' and 'qib' into for-next 2013-06-04 17:06:46 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-06-23 16:12:46 -10:00
iommu IOMMU Updates for Linux v3.10 2013-05-06 14:59:13 -07:00
ipack
irqchip ARM: SoC fixes for 3.10-rc 2013-06-22 09:44:45 -10:00
isdn isdn/kcapi: fix a small underflow 2013-05-20 13:38:14 -07:00
leds drivers/leds/leds-ot200.c: fix error caused by shifted mask 2013-05-24 16:22:51 -07:00
lguest lguest: clear cached last cpu when guest_set_pgd() called. 2013-05-08 10:49:18 +09:30
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-05-02 10:16:16 -07:00
mailbox
md A few bugfixes for md 2013-06-13 10:13:29 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-06-22 08:43:17 -10:00
memory drivers/memory: don't check resource with devm_ioremap_resource 2013-05-18 11:55:52 +02:00
memstick block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
message Merge branch 'for-3.10/core' of git://git.kernel.dk/linux-block 2013-05-08 10:13:35 -07:00
mfd mfd: tps6586x: correct device name of the regulator cell 2013-06-24 12:37:47 +01:00
misc Char / Misc fixes for 3.10-rc6 2013-06-14 19:15:36 -10:00
mmc mmc: omap_hsmmc: Skip platform_get_resource_byname() for dt case 2013-05-26 14:23:11 -04:00
mtd drivers/mtd/nand: don't check resource with devm_ioremap_resource 2013-05-18 11:55:55 +02:00
net dlci: validate the net device in dlci_del() 2013-06-26 15:36:42 -07:00
nfc NFC: mei: Do not disable MEI devices from their remove routine 2013-05-21 10:48:41 +02:00
ntb NTB: Multiple NTB client fix 2013-05-15 10:58:22 -07:00
nubus nubus: Kill nubus_proc_detach_device() 2013-05-04 14:47:26 -04:00
of of: Fix locking vs. interrupts 2013-06-13 22:12:14 +01:00
oprofile
parisc parisc: fix serial ports on C8000 workstation 2013-06-18 20:29:07 +02:00
parport parisc: parport0: fix this legacy no-device port driver! 2013-06-01 14:46:42 +02:00
pci ACPI / dock / PCI: Synchronous handling of dock events for PCI devices 2013-06-24 11:22:53 +02:00
pcmcia
pinctrl Renesas ARM based SoC fixes for v3.10 2013-06-07 18:11:02 -07:00
platform x86 / platform / hp_wmi: Fix bluetooth_rfkill misuse in hp_wmi_rfkill_setup() 2013-06-01 23:51:48 +02:00
pnp Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-05-02 10:16:16 -07:00
power Last minute one-liners: wrong kfree usage fix, module alias fixup and 2013-05-25 20:32:49 -07:00
pps Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
ps3
ptp ptp_pch: fix error handling in pch_probe() 2013-05-25 21:24:15 -07:00
pwm drivers/pwm: don't check resource with devm_ioremap_resource 2013-05-18 11:55:58 +02:00
rapidio rapidio/tsi721: fix bug in MSI interrupt handling 2013-05-24 16:22:51 -07:00
regulator mfd: tps6586x: correct device name of the regulator cell 2013-06-24 12:37:47 +01:00
remoteproc This pull request contains: 2013-05-07 14:04:56 -07:00
reset
rpmsg A small pull request consisting of: 2013-05-07 14:02:00 -07:00
rtc rtc-at91rm9200: use shadow IMR on at91sam9x5 2013-06-12 16:29:46 -07:00
s390 netiucv: Hold rtnl between name allocation and device registration. 2013-06-13 17:41:18 -07:00
sbus
scsi This patch fixes a critical bug that was introduced in 3.9 2013-06-26 23:08:22 -07:00
sfi
sh
sn
spi Merge remote-tracking branch 'spi/fix/s3c64xx' into spi-linus 2013-06-24 12:28:29 +01:00
ssb - Lots of cleanups from Artem, including deletion of some obsolete drivers 2013-05-09 10:15:46 -07:00
ssbi
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-06-18 06:25:08 -10:00
target iscsi-target: Remove left over v3.10-rc debug printks 2013-06-20 16:47:41 -07:00
tc
thermal drivers/thermal: don't check resource with devm_ioremap_resource 2013-05-18 11:57:30 +02:00
tty TTY fixes for 3.10-rc7 2013-06-22 09:00:28 -10:00
uio uio: UIO_DMEM_GENIRQ should depend on HAS_DMA 2013-05-21 10:13:23 -07:00
usb USB: serial: ti_usb_3410_5052: new device id for Abbot strip port cable 2013-06-19 15:54:45 -07:00
uwb uwb: rename random32() to prandom_u32() 2013-04-29 18:28:43 -07:00
vfio vfio: fix crash on rmmod 2013-06-05 08:54:16 -06:00
vhost vhost-net: fix use-after-free in vhost_net_flush 2013-07-07 14:06:22 +03:00
video atmel_lcdfb: blank the backlight on remove 2013-06-01 03:18:55 +08:00
virt
virtio
vlynq
vme
w1 drivers/w1/masters: don't check resource with devm_ioremap_resource 2013-05-18 11:58:03 +02:00
watchdog drivers/watchdog: don't check resource with devm_ioremap_resource 2013-05-18 11:58:04 +02:00
xen xen/tmem: Don't over-write tmem_frontswap_poolid after tmem_frontswap_init set it. 2013-06-10 10:14:33 -04:00
zorro proc: Supply PDE attribute setting accessor functions 2013-05-01 17:29:18 -04:00
Kconfig ARM: arm-soc driver changes for 3.10 2013-05-04 12:31:18 -07:00
Makefile ARM: arm-soc driver changes for 3.10 2013-05-04 12:31:18 -07:00