From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Olaf Hering <olaf@aepfle.de>,
Jan Beulich <jbeulich@suse.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: [ 16/46] xen-blkback: do not leak mode property
Date: Fri, 1 Mar 2013 11:45:04 -0800 [thread overview]
Message-ID: <20130301194433.949652254@linuxfoundation.org> (raw)
In-Reply-To: <20130301194432.263409302@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Beulich <JBeulich@suse.com>
commit 9d092603cc306ee6edfe917bf9ab8beb5f32d7bc upstream.
"be->mode" is obtained from xenbus_read(), which does a kmalloc() for
the message body. The short string is never released, so do it along
with freeing "be" itself, and make sure the string isn't kept when
backend_changed() doesn't complete successfully (which made it
desirable to slightly re-structure that function, so that the error
cleanup can be done in one place).
Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/xen-blkback/xenbus.c | 49 ++++++++++++++++++-------------------
1 file changed, 24 insertions(+), 25 deletions(-)
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -367,6 +367,7 @@ static int xen_blkbk_remove(struct xenbu
be->blkif = NULL;
}
+ kfree(be->mode);
kfree(be);
dev_set_drvdata(&dev->dev, NULL);
return 0;
@@ -502,6 +503,7 @@ static void backend_changed(struct xenbu
= container_of(watch, struct backend_info, backend_watch);
struct xenbus_device *dev = be->dev;
int cdrom = 0;
+ unsigned long handle;
char *device_type;
DPRINTK("");
@@ -521,10 +523,10 @@ static void backend_changed(struct xenbu
return;
}
- if ((be->major || be->minor) &&
- ((be->major != major) || (be->minor != minor))) {
- pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n",
- be->major, be->minor, major, minor);
+ if (be->major | be->minor) {
+ if (be->major != major || be->minor != minor)
+ pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n",
+ be->major, be->minor, major, minor);
return;
}
@@ -542,36 +544,33 @@ static void backend_changed(struct xenbu
kfree(device_type);
}
- if (be->major == 0 && be->minor == 0) {
- /* Front end dir is a number, which is used as the handle. */
+ /* Front end dir is a number, which is used as the handle. */
+ err = strict_strtoul(strrchr(dev->otherend, '/') + 1, 0, &handle);
+ if (err)
+ return;
- char *p = strrchr(dev->otherend, '/') + 1;
- long handle;
- err = strict_strtoul(p, 0, &handle);
- if (err)
- return;
+ be->major = major;
+ be->minor = minor;
- be->major = major;
- be->minor = minor;
-
- err = xen_vbd_create(be->blkif, handle, major, minor,
- (NULL == strchr(be->mode, 'w')), cdrom);
- if (err) {
- be->major = 0;
- be->minor = 0;
- xenbus_dev_fatal(dev, err, "creating vbd structure");
- return;
- }
+ err = xen_vbd_create(be->blkif, handle, major, minor,
+ !strchr(be->mode, 'w'), cdrom);
+ if (err)
+ xenbus_dev_fatal(dev, err, "creating vbd structure");
+ else {
err = xenvbd_sysfs_addif(dev);
if (err) {
xen_vbd_free(&be->blkif->vbd);
- be->major = 0;
- be->minor = 0;
xenbus_dev_fatal(dev, err, "creating sysfs entries");
- return;
}
+ }
+ if (err) {
+ kfree(be->mode);
+ be->mode = NULL;
+ be->major = 0;
+ be->minor = 0;
+ } else {
/* We're potentially connected now */
xen_update_blkif_status(be->blkif);
}
next prev parent reply other threads:[~2013-03-01 19:46 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-01 19:44 [ 00/46] 3.4.35-stable review Greg Kroah-Hartman
2013-03-01 19:44 ` [ 01/46] ALSA: hda - hdmi: Make jacks phantom, if theyre not detectable Greg Kroah-Hartman
2013-03-01 19:44 ` [ 02/46] quota: autoload the quota_v2 module for QFMT_VFS_V1 quota format Greg Kroah-Hartman
2013-03-01 19:44 ` [ 03/46] iommu/amd: Initialize device table after dma_ops Greg Kroah-Hartman
2013-03-01 19:44 ` [ 04/46] posix-timer: Dont call idr_find() with out-of-range ID Greg Kroah-Hartman
2013-03-01 19:44 ` [ 05/46] ftrace: Call ftrace cleanup module notifier after all other notifiers Greg Kroah-Hartman
2013-03-01 19:44 ` [ 06/46] x86, efi: Make "noefi" really disable EFI runtime serivces Greg Kroah-Hartman
2013-03-01 19:44 ` [ 07/46] doc, xen: Mention earlyprintk=xen in the documentation Greg Kroah-Hartman
2013-03-01 19:44 ` [ 08/46] doc, kernel-parameters: Document console=hvc<n> Greg Kroah-Hartman
2013-03-01 19:44 ` [ 09/46] x86: Make sure we can boot in the case the BDA contains pure garbage Greg Kroah-Hartman
2013-03-01 19:44 ` [ 10/46] target: Fix lookup of dynamic NodeACLs during cached demo-mode operation Greg Kroah-Hartman
2013-03-01 19:44 ` [ 11/46] target: Add missing mapped_lun bounds checking during make_mappedlun setup Greg Kroah-Hartman
2013-03-01 19:45 ` [ 12/46] ocfs2: fix possible use-after-free with AIO Greg Kroah-Hartman
2013-03-01 19:45 ` [ 13/46] ocfs2: fix ocfs2_init_security_and_acl() to initialize acl correctly Greg Kroah-Hartman
2013-03-01 19:45 ` [ 14/46] ocfs2: ac->ac_allow_chain_relink=0 wont disable group relink Greg Kroah-Hartman
2013-03-01 19:45 ` [ 15/46] block: fix ext_devt_idr handling Greg Kroah-Hartman
2013-03-01 19:45 ` Greg Kroah-Hartman [this message]
2013-03-01 19:45 ` [ 17/46] xen/blkback: Dont trust the handle from the frontend Greg Kroah-Hartman
2013-03-01 19:45 ` [ 18/46] idr: fix a subtle bug in idr_get_next() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 19/46] block: fix synchronization and limit check in blk_alloc_devt() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 20/46] firewire: add minor number range check to fw_device_init() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 21/46] sysctl: fix null checking in bin_dn_node_address() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 22/46] fs: Fix possible use-after-free with AIO Greg Kroah-Hartman
2013-03-01 19:45 ` [ 23/46] media: rc: unlock on error in show_protocols() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 24/46] ext4: check bh in ext4_read_block_bitmap() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 25/46] ext4: fix race in ext4_mb_add_n_trim() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 26/46] ext4: fix xattr block allocation/release with bigalloc Greg Kroah-Hartman
2013-03-01 19:45 ` [ 27/46] ext4: fix free clusters calculation in bigalloc filesystem Greg Kroah-Hartman
2013-03-01 19:45 ` [ 28/46] nfsd: Fix memleak Greg Kroah-Hartman
2013-03-01 19:45 ` [ 29/46] svcrpc: make svc_age_temp_xprts enqueue under sv_lock Greg Kroah-Hartman
2013-03-01 19:45 ` [ 30/46] vhost: fix length for cross region descriptor Greg Kroah-Hartman
2013-03-01 19:45 ` [ 31/46] fuse: dont WARN when nlink is zero Greg Kroah-Hartman
2013-03-01 19:45 ` [ 32/46] unbreak automounter support on 64-bit kernel with 32-bit userspace (v2) Greg Kroah-Hartman
2013-03-01 19:45 ` [ 33/46] ath9k_hw: fix calibration issues on chainmask that dont include chain 0 Greg Kroah-Hartman
2013-03-01 19:45 ` [ 34/46] pstore: Avoid deadlock in panic and emergency-restart path Greg Kroah-Hartman
2013-03-01 19:45 ` [ 35/46] cpuset: fix cpuset_print_task_mems_allowed() vs rename() race Greg Kroah-Hartman
2013-03-01 19:45 ` [ 36/46] cgroup: fix exit() vs rmdir() race Greg Kroah-Hartman
2013-03-01 19:45 ` [ 37/46] ab8500-chargalg: Only root should have write permission on sysfs file Greg Kroah-Hartman
2013-03-01 19:45 ` [ 38/46] ab8500_btemp: Demote initcall sequence Greg Kroah-Hartman
2013-03-01 19:45 ` [ 39/46] ACPI: Add DMI entry for Sony VGN-FW41E_H Greg Kroah-Hartman
2013-03-01 19:45 ` [ 40/46] staging: comedi: ni_labpc: correct differential channel sequence for AI commands Greg Kroah-Hartman
2013-03-01 19:45 ` [ 41/46] staging: comedi: ni_labpc: set up command4 register *after* command3 Greg Kroah-Hartman
2013-03-01 19:45 ` [ 42/46] staging: comedi: check s->async for poll(), read() and write() Greg Kroah-Hartman
2013-03-01 19:45 ` [ 43/46] perf tools: Fix build with bison 2.3 and older Greg Kroah-Hartman
2013-03-01 19:45 ` [ 44/46] ata_piix: IDE-mode SATA patch for Intel Avoton DeviceIDs Greg Kroah-Hartman
2013-03-01 19:45 ` [ 45/46] ata_piix: Add Device IDs for Intel Wellsburg PCH Greg Kroah-Hartman
2013-03-01 19:45 ` [ 46/46] [hid] usb hid quirks for Masterkit MA901 usb radio Greg Kroah-Hartman
2013-03-02 3:59 ` [ 00/46] 3.4.35-stable review Shuah Khan
2013-03-03 11:48 ` Satoru Takeuchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130301194433.949652254@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jbeulich@suse.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.