From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org,
stable@vger.kernel.org, Jan Beulich <JBeulich@suse.com>
Subject: Re: [PATCH] xen/blkback: fix reference counting
Date: Fri, 6 Sep 2013 09:37:08 -0400
Message-ID: <20130906133708.GM2590@phenom.dumpdata.com>
In-Reply-To: <1378378814-23721-1-git-send-email-vegard.nossum@oracle.com>

On Thu, Sep 05, 2013 at 01:00:14PM +0200, Vegard Nossum wrote:
> If the permission check fails, we drop a reference to the blkif without
> having taken it in the first place. The bug was introduced in commit
> 604c499cbbcc3d5fe5fb8d53306aa0fae1990109 (xen/blkback: Check device
> permissions before allowing OP_DISCARD).
>
> Cc: stable@vger.kernel.org
> Cc: Jan Beulich <JBeulich@suse.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Thank you for spotting that. Let me stick it on my for-jens queue.

> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
> ---
> drivers/block/xen-blkback/blkback.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
> index bf4b9d2..6620b73 100644
> --- a/drivers/block/xen-blkback/blkback.c
> +++ b/drivers/block/xen-blkback/blkback.c
> @@ -872,49 +872,50 @@ static int xen_blkbk_parse_indirect(struct blkif_request *req,
> }
>
> unmap:
> if (segments)
> kunmap_atomic(segments);
> xen_blkbk_unmap(blkif, pages, indirect_grefs);
> return rc;
> }
>
> static int dispatch_discard_io(struct xen_blkif *blkif,
> struct blkif_request *req)
> {
> int err = 0;
> int status = BLKIF_RSP_OKAY;
> struct block_device *bdev = blkif->vbd.bdev;
> unsigned long secure;
> struct phys_req preq;
>
> + xen_blkif_get(blkif);
> +
> preq.sector_number = req->u.discard.sector_number;
> preq.nr_sects = req->u.discard.nr_sectors;
>
> err = xen_vbd_translate(&preq, blkif, WRITE);
> if (err) {
> pr_warn(DRV_PFX "access denied: DISCARD [%llu->%llu] on dev=%04x\n",
> preq.sector_number,
> preq.sector_number + preq.nr_sects, blkif->vbd.pdevice);
> goto fail_response;
> }
> blkif->st_ds_req++;
>
> - xen_blkif_get(blkif);
> secure = (blkif->vbd.discard_secure &&
> (req->u.discard.flag & BLKIF_DISCARD_SECURE)) ?
> BLKDEV_DISCARD_SECURE : 0;
>
> err = blkdev_issue_discard(bdev, req->u.discard.sector_number,
> req->u.discard.nr_sectors,
> GFP_KERNEL, secure);
> fail_response:
> if (err == -EOPNOTSUPP) {
> pr_debug(DRV_PFX "discard op failed, not supported\n");
> status = BLKIF_RSP_EOPNOTSUPP;
> } else if (err)
> status = BLKIF_RSP_ERROR;
>
> make_response(blkif, req->u.discard.id, req->operation, status);
> xen_blkif_put(blkif);
> return err;
> }
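Review bot: the relocated xen_blkif_get(blkif) at the top of dispatch_discard_io() carries no comment tying it to the xen_blkif_put(blkif) after the fail_response label, and that pairing is what the earlier permission-check change got wrong. A one-line comment at the get, saying the reference is dropped at fail_response on every path including the access-denied goto, would make it harder for a later early exit to unbalance the count again. Since the label is also reached by fall-through after blkdev_issue_discard() succeeds, a neutral name such as "out" would describe it better than fail_response, though that rename could go in a separate cleanup so this fix stays minimal for stable.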
> --
> 1.7.10.4
>