original_kernel/virt/kvm
Dan Carpenter a0f1d21c1c KVM: use after free in kvm_ioctl_create_device()
We should move the ops->destroy(dev) after the list_del(&dev->vm_node)
so that we don't use "dev" after freeing it.

Fixes: a28ebea2ad ("KVM: Protect device ops->create and list_add with kvm->lock")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-12-01 16:10:50 +01:00
..
arm KVM: arm/arm64: vgic: Don't notify EOI for non-SPIs 2016-11-24 13:12:07 +00:00
Kconfig KVM: remove kvm_vcpu_compatible 2016-06-16 00:05:00 +02:00
async_pf.c KVM: async_pf: avoid recursive flushing of work items 2016-11-19 19:04:17 +01:00
async_pf.h
coalesced_mmio.c
coalesced_mmio.h
eventfd.c KVM: fix OOPS on flush_work 2016-10-26 14:06:51 +02:00
irqchip.c KVM/ARM Changes for v4.8 - Take 2 2016-08-04 13:59:56 +02:00
kvm_main.c KVM: use after free in kvm_ioctl_create_device() 2016-12-01 16:10:50 +01:00
vfio.c
vfio.h