Project

General

Profile

Actions
Copy link

Bug #9790

closed

buffer freed to wrong cache in virtio_register_intx

Added by Hans Rosenfeld about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Hans Rosenfeld
Category:
-
Start date:
2018-09-04
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage
Gerrit CR:
External Bug:

Description

The cleanup code path in virtio_register_intx() frees a structure with a different size than it was allocated with, leading to all sorts of pain.

Actions
Copy link
 #1

Updated by Hans Rosenfeld about 5 years ago

Testing: I tested this by running it on bhyve without the fix for 9792, where this cleanup code path is taken.

Actions
Copy link
 #2

Updated by Electric Monk about 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 9f16e2df28efab26216cf68e3841c0a460c5bb73

commit  9f16e2df28efab26216cf68e3841c0a460c5bb73
Author: Hans Rosenfeld <hans.rosenfeld@joyent.com>
Date:   2018-09-26T19:30:14.000Z

    9790 buffer freed to wrong cache in virtio_register_intx
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Reviewed by: Andy Fiddaman <omnios@citrus-it.net>
    Approved by: Garrett D'Amore <garrett@damore.org>

Actions
Copy link

Also available in: Atom PDF