* [PATCH] virtio_blk: fix panic in initialization error path
@ 2017-01-09 19:44 Omar Sandoval
2017-01-09 19:55 ` Jeff Moyer
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Omar Sandoval @ 2017-01-09 19:44 UTC (permalink / raw)
To: Michael S. Tsirkin, Jason Wang, virtualization, linux-block; +Cc: kernel-team
From: Omar Sandoval <osandov@fb.com>
If blk_mq_init_queue() returns an error, it gets assigned to
vblk->disk->queue. Then, when we call put_disk(), we end up calling
blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
only assigning to vblk->disk->queue on success.
Signed-off-by: Omar Sandoval <osandov@fb.com>
---
drivers/block/virtio_blk.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 5545a679abd8..8587361e5356 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -628,11 +628,12 @@ static int virtblk_probe(struct virtio_device *vdev)
if (err)
goto out_put_disk;
- q = vblk->disk->queue = blk_mq_init_queue(&vblk->tag_set);
+ q = blk_mq_init_queue(&vblk->tag_set);
if (IS_ERR(q)) {
err = -ENOMEM;
goto out_free_tags;
}
+ vblk->disk->queue = q;
q->queuedata = vblk;
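Review bot: In the IS_ERR(q) branch, `err = -ENOMEM;` discards the error code that blk_mq_init_queue() encoded in the returned pointer. Since this hunk already reworks the assignment, consider `err = PTR_ERR(q);` so that virtblk_probe() reports the actual failure. The reordering itself matches the commit message: vblk->disk->queue is written only after the IS_ERR() check, so the put_disk() reached from the error path is never handed an ERR_PTR.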
--
2.11.0
* Re: [PATCH] virtio_blk: fix panic in initialization error path
From: Jeff Moyer @ 2017-01-09 19:55 UTC (permalink / raw)
To: Omar Sandoval
Cc: Michael S. Tsirkin, Jason Wang, virtualization, linux-block,
kernel-team
Omar Sandoval <osandov@osandov.com> writes:
> From: Omar Sandoval <osandov@fb.com>
>
> If blk_mq_init_queue() returns an error, it gets assigned to
> vblk->disk->queue. Then, when we call put_disk(), we end up calling
> blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
> only assigning to vblk->disk->queue on success.
>
> Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
* Re: [PATCH] virtio_blk: fix panic in initialization error path
From: Jason Wang @ 2017-01-10 2:47 UTC (permalink / raw)
To: Omar Sandoval, Michael S. Tsirkin, virtualization, linux-block
Cc: kernel-team
On 2017-01-10 03:44, Omar Sandoval wrote:
> From: Omar Sandoval <osandov@fb.com>
>
> If blk_mq_init_queue() returns an error, it gets assigned to
> vblk->disk->queue. Then, when we call put_disk(), we end up calling
> blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
> only assigning to vblk->disk->queue on success.
>
> Signed-off-by: Omar Sandoval <osandov@fb.com>
> ---
> drivers/block/virtio_blk.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
> index 5545a679abd8..8587361e5356 100644
> --- a/drivers/block/virtio_blk.c
> +++ b/drivers/block/virtio_blk.c
> @@ -628,11 +628,12 @@ static int virtblk_probe(struct virtio_device *vdev)
> if (err)
> goto out_put_disk;
>
> - q = vblk->disk->queue = blk_mq_init_queue(&vblk->tag_set);
> + q = blk_mq_init_queue(&vblk->tag_set);
> if (IS_ERR(q)) {
> err = -ENOMEM;
> goto out_free_tags;
> }
> + vblk->disk->queue = q;
>
> q->queuedata = vblk;
>
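Review bot: The added `vblk->disk->queue = q;` line after the IS_ERR(q) block carries no comment explaining why the assignment is kept apart from the blk_mq_init_queue() call, yet that ordering is the whole fix. A one-line comment there, saying that disk->queue must never hold an ERR_PTR because put_disk() ends up passing it to blk_put_queue(), would keep a later cleanup from folding the two assignments back into one statement.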
Acked-by: Jason Wang <jasowang@redhat.com>
* Re: [PATCH] virtio_blk: fix panic in initialization error path
From: Michael S. Tsirkin @ 2017-01-10 4:10 UTC (permalink / raw)
To: Omar Sandoval
Cc: Jason Wang, virtualization, linux-block, kernel-team, Jens Axboe
On Mon, Jan 09, 2017 at 11:44:12AM -0800, Omar Sandoval wrote:
> From: Omar Sandoval <osandov@fb.com>
>
> If blk_mq_init_queue() returns an error, it gets assigned to
> vblk->disk->queue. Then, when we call put_disk(), we end up calling
> blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
> only assigning to vblk->disk->queue on success.
>
> Signed-off-by: Omar Sandoval <osandov@fb.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Jens, do you mind picking this one up as well, since
you have one virtio-blk patch already?
> ---
> drivers/block/virtio_blk.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
> index 5545a679abd8..8587361e5356 100644
> --- a/drivers/block/virtio_blk.c
> +++ b/drivers/block/virtio_blk.c
> @@ -628,11 +628,12 @@ static int virtblk_probe(struct virtio_device *vdev)
> if (err)
> goto out_put_disk;
>
> - q = vblk->disk->queue = blk_mq_init_queue(&vblk->tag_set);
> + q = blk_mq_init_queue(&vblk->tag_set);
> if (IS_ERR(q)) {
> err = -ENOMEM;
> goto out_free_tags;
> }
> + vblk->disk->queue = q;
>
> q->queuedata = vblk;
>
> --
> 2.11.0
* Re: [PATCH] virtio_blk: fix panic in initialization error path
From: Jens Axboe @ 2017-01-10 4:11 UTC (permalink / raw)
To: Michael S. Tsirkin, Omar Sandoval
Cc: Jason Wang, virtualization, linux-block, kernel-team
On 01/09/2017 09:10 PM, Michael S. Tsirkin wrote:
> On Mon, Jan 09, 2017 at 11:44:12AM -0800, Omar Sandoval wrote:
>> From: Omar Sandoval <osandov@fb.com>
>>
>> If blk_mq_init_queue() returns an error, it gets assigned to
>> vblk->disk->queue. Then, when we call put_disk(), we end up calling
>> blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by
>> only assigning to vblk->disk->queue on success.
>>
>> Signed-off-by: Omar Sandoval <osandov@fb.com>
>
> Acked-by: Michael S. Tsirkin <mst@redhat.com>
>
> Jens, do you mind picking this one up as well, since
> you have one virtio-blk patch already?
No problem, in fact I already queued it up.
--
Jens Axboe