From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH] xen-pciback: fix up cleanup path when alloc
	fails
Date: Tue, 1 Dec 2015 11:47:17 -0500
Message-ID: <20151201164717.GA5032@char.us.oracle.com>
References: <1448569959-7245-1-git-send-email-cardoe@cardoe.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <konrad@char.us.oracle.com>) id 1a3o5V-00032k-9v
	for xen-devel@lists.xenproject.org; Tue, 01 Dec 2015 16:47:33 +0000
Content-Disposition: inline
In-Reply-To: <1448569959-7245-1-git-send-email-cardoe@cardoe.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Doug Goldstein <cardoe@cardoe.com>
Cc: Wei Liu <wei.liu2@citrix.com>, Jonathan Creekmore <jonathan.creekmore@gmail.com>, linux-kernel@vger.kernel.org, Paul Durrant <paul.durrant@citrix.com>, David Vrabel <david.vrabel@citrix.com>, xen-devel@lists.xenproject.org, Boris Ostrovsky <boris.ostrovsky@oracle.com>
List-Id: xen-devel@lists.xenproject.org

On Thu, Nov 26, 2015 at 02:32:39PM -0600, Doug Goldstein wrote:
> When allocating a pciback device fails, avoid the possibility of a
> use after free.

Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Ugh, and it looks like xen-blkfront has the same issue.

> 
> Reported-by: Jonathan Creekmore <jonathan.creekmore@gmail.com>
> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
> ---
>  drivers/xen/xen-pciback/xenbus.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c
> index 98bc345..4843741 100644
> --- a/drivers/xen/xen-pciback/xenbus.c
> +++ b/drivers/xen/xen-pciback/xenbus.c
> @@ -44,7 +44,6 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>  	dev_dbg(&xdev->dev, "allocated pdev @ 0x%p\n", pdev);
>  
>  	pdev->xdev = xdev;
> -	dev_set_drvdata(&xdev->dev, pdev);
>  
>  	mutex_init(&pdev->dev_lock);
>  
> @@ -58,6 +57,9 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>  		kfree(pdev);
>  		pdev = NULL;
>  	}
> +
> +	dev_set_drvdata(&xdev->dev, pdev);
> +
>  out:
>  	return pdev;
>  }
> -- 
> 2.4.10
>