* [PATCH] block: nbd: fix double free
@ 2017-04-28 4:29 Ming Lei
2017-04-28 13:00 ` Josef Bacik
0 siblings, 1 reply; 4+ messages in thread
From: Ming Lei @ 2017-04-28 4:29 UTC (permalink / raw)
To: Jens Axboe, linux-block; +Cc: Christoph Hellwig, Josef Bacik, Ming Lei
Looks it is a typo, just fix it, otherwise the following
warning can be trigerred:
[ming@VM]$sudo rmmod nbd
[sudo] password for ming:
==================================================================
BUG: KASAN: use-after-free in nbd_cleanup+0x115/0x18e [nbd] at addr ffff88024ca539b0
Read of size 8 by task rmmod/2079
Object at ffff88024ca53900, in cache kmalloc-256 size: 256
Allocated:
PID = 1414
Freed:
PID = 2079
Memory state around the buggy address:
ffff88024ca53880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffff88024ca53900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88024ca53980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88024ca53a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
ffff88024ca53a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Fixes: c6a4759ea0c9(nbd: add device refcounting)
Cc: Josef Bacik <jbacik@fb.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
---
drivers/block/nbd.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 5583dc4ff941..fa44a6fce4cb 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -2110,7 +2110,6 @@ static void __exit nbd_cleanup(void)
if (refcount_read(&nbd->refs) != 2)
printk(KERN_ERR "nbd: possibly leaking a device\n");
nbd_put(nbd);
- nbd_put(nbd);
}
idr_destroy(&nbd_index_idr);
--
2.9.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] block: nbd: fix double free
2017-04-28 4:29 [PATCH] block: nbd: fix double free Ming Lei
@ 2017-04-28 13:00 ` Josef Bacik
2017-04-28 15:27 ` Ming Lei
0 siblings, 1 reply; 4+ messages in thread
From: Josef Bacik @ 2017-04-28 13:00 UTC (permalink / raw)
To: Ming Lei, Jens Axboe, linux-block@vger.kernel.org; +Cc: Christoph Hellwig
V2Ugc2hvdWxkIGhhdmUgMiByZWZlcmVuY2VzIG9uIHRoZSBkZXZpY2UgYXQgdGhpcyBwb2ludCwg
ZGlkIHlvdSBzZWUgYSDigJxuYmQ6IHBvc3NpYmx5IGxlYWtpbmcgYSBkZXZpY2XigJ0gbWVzc2Fn
ZSBiZWZvcmUgdGhlIGthc2FuIHN0dWZmPyAgVGhhbmtzLA0KDQpKb3NlZg0KDQpPbiA0LzI4LzE3
LCAxMjoyOSBBTSwgIk1pbmcgTGVpIiA8bWluZy5sZWlAcmVkaGF0LmNvbT4gd3JvdGU6DQoNCkxv
b2tzIGl0IGlzIGEgdHlwbywganVzdCBmaXggaXQsIG90aGVyd2lzZSB0aGUgZm9sbG93aW5nDQp3
YXJuaW5nIGNhbiBiZSB0cmlnZXJyZWQ6DQoNClttaW5nQFZNXSRzdWRvIHJtbW9kIG5iZA0KW3N1
ZG9dIHBhc3N3b3JkIGZvciBtaW5nOg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQpCVUc6IEtBU0FOOiB1c2UtYWZ0ZXIt
ZnJlZSBpbiBuYmRfY2xlYW51cCsweDExNS8weDE4ZSBbbmJkXSBhdCBhZGRyIGZmZmY4ODAyNGNh
NTM5YjANClJlYWQgb2Ygc2l6ZSA4IGJ5IHRhc2sgcm1tb2QvMjA3OQ0KT2JqZWN0IGF0IGZmZmY4
ODAyNGNhNTM5MDAsIGluIGNhY2hlIGttYWxsb2MtMjU2IHNpemU6IDI1Ng0KQWxsb2NhdGVkOg0K
UElEID0gMTQxNA0KRnJlZWQ6DQpQSUQgPSAyMDc5DQpNZW1vcnkgc3RhdGUgYXJvdW5kIHRoZSBi
dWdneSBhZGRyZXNzOg0KIGZmZmY4ODAyNGNhNTM4ODA6IGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZi
IGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjDQogZmZmZjg4MDI0Y2E1MzkwMDogZmIgZmIgZmIgZmIg
ZmIgZmIgZmIgZmIgZmIgZmIgZmIgZmIgZmIgZmIgZmIgZmINCj5mZmZmODgwMjRjYTUzOTgwOiBm
YiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYg0KICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIF4NCiBmZmZmODgwMjRjYTUzYTAwOiBmYyBmYyBm
YyBmYyBmYyBmYyBmYyBmYyBmYiBmYiBmYiBmYiBmYiBmYiBmYiBmYg0KIGZmZmY4ODAyNGNhNTNh
ODA6IGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiIGZiDQo9PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT0NCg0KRml4ZXM6IGM2YTQ3NTllYTBjOShuYmQ6IGFkZCBkZXZpY2UgcmVmY291bnRpbmcp
DQpDYzogSm9zZWYgQmFjaWsgPGpiYWNpa0BmYi5jb20+DQpTaWduZWQtb2ZmLWJ5OiBNaW5nIExl
aSA8bWluZy5sZWlAcmVkaGF0LmNvbT4NCi0tLQ0KIGRyaXZlcnMvYmxvY2svbmJkLmMgfCAxIC0N
CiAxIGZpbGUgY2hhbmdlZCwgMSBkZWxldGlvbigtKQ0KDQpkaWZmIC0tZ2l0IGEvZHJpdmVycy9i
bG9jay9uYmQuYyBiL2RyaXZlcnMvYmxvY2svbmJkLmMNCmluZGV4IDU1ODNkYzRmZjk0MS4uZmE0
NGE2ZmNlNGNiIDEwMDY0NA0KLS0tIGEvZHJpdmVycy9ibG9jay9uYmQuYw0KKysrIGIvZHJpdmVy
cy9ibG9jay9uYmQuYw0KQEAgLTIxMTAsNyArMjExMCw2IEBAIHN0YXRpYyB2b2lkIF9fZXhpdCBu
YmRfY2xlYW51cCh2b2lkKQ0KIAkJaWYgKHJlZmNvdW50X3JlYWQoJm5iZC0+cmVmcykgIT0gMikN
CiAJCQlwcmludGsoS0VSTl9FUlIgIm5iZDogcG9zc2libHkgbGVha2luZyBhIGRldmljZVxuIik7
DQogCQluYmRfcHV0KG5iZCk7DQotCQluYmRfcHV0KG5iZCk7DQogCX0NCiANCiAJaWRyX2Rlc3Ry
b3koJm5iZF9pbmRleF9pZHIpOw0KLS0gDQoyLjkuMw0KDQoNCg0K
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] block: nbd: fix double free
2017-04-28 13:00 ` Josef Bacik
@ 2017-04-28 15:27 ` Ming Lei
2017-04-28 15:29 ` Josef Bacik
0 siblings, 1 reply; 4+ messages in thread
From: Ming Lei @ 2017-04-28 15:27 UTC (permalink / raw)
To: Josef Bacik; +Cc: Jens Axboe, linux-block@vger.kernel.org, Christoph Hellwig
On Fri, Apr 28, 2017 at 01:00:30PM +0000, Josef Bacik wrote:
> We should have 2 references on the device at this point, did you see a “nbd: possibly leaking a device” message before the kasan stuff? Thanks,
>
There isn't such message before kasan warning.
Thanks,
Ming
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] block: nbd: fix double free
2017-04-28 15:27 ` Ming Lei
@ 2017-04-28 15:29 ` Josef Bacik
0 siblings, 0 replies; 4+ messages in thread
From: Josef Bacik @ 2017-04-28 15:29 UTC (permalink / raw)
To: Ming Lei; +Cc: Jens Axboe, linux-block@vger.kernel.org, Christoph Hellwig
WWVhaCBJIGZvdW5kIGFuZCBmaXhlZCBpdCBhbHJlYWR5LCB0aGFua3MsDQoNCkpvc2VmDQoNCk9u
IDQvMjgvMTcsIDExOjI3IEFNLCAiTWluZyBMZWkiIDxtaW5nLmxlaUByZWRoYXQuY29tPiB3cm90
ZToNCg0KT24gRnJpLCBBcHIgMjgsIDIwMTcgYXQgMDE6MDA6MzBQTSArMDAwMCwgSm9zZWYgQmFj
aWsgd3JvdGU6DQo+IFdlIHNob3VsZCBoYXZlIDIgcmVmZXJlbmNlcyBvbiB0aGUgZGV2aWNlIGF0
IHRoaXMgcG9pbnQsIGRpZCB5b3Ugc2VlIGEg4oCcbmJkOiBwb3NzaWJseSBsZWFraW5nIGEgZGV2
aWNl4oCdIG1lc3NhZ2UgYmVmb3JlIHRoZSBrYXNhbiBzdHVmZj8gIFRoYW5rcywNCj4gDQoNClRo
ZXJlIGlzbid0IHN1Y2ggbWVzc2FnZSBiZWZvcmUga2FzYW4gd2FybmluZy4NCg0KVGhhbmtzLA0K
TWluZw0KDQoNCg==
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-04-28 15:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-28 4:29 [PATCH] block: nbd: fix double free Ming Lei
2017-04-28 13:00 ` Josef Bacik
2017-04-28 15:27 ` Ming Lei
2017-04-28 15:29 ` Josef Bacik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).