From: Doug Goldstein <cardoe@cardoe.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
Bob Liu <bob.liu@oracle.com>,
Paul Durrant <paul.durrant@citrix.com>,
Wei Liu <wei.liu2@citrix.com>,
David Vrabel <david.vrabel@citrix.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Jonathan Creekmore <jonathan.creekmore@gmail.com>
Subject: Re: [PATCH] xen-pciback: fix up cleanup path when alloc fails
Date: Tue, 1 Dec 2015 14:54:33 -0600 [thread overview]
Message-ID: <565E0909.2010009@cardoe.com> (raw)
In-Reply-To: <20151201193517.GA32573@char.us.oracle.com>
[-- Attachment #1: Type: text/plain, Size: 2052 bytes --]
On 12/1/15 1:35 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Dec 01, 2015 at 11:47:17AM -0500, Konrad Rzeszutek Wilk wrote:
>> On Thu, Nov 26, 2015 at 02:32:39PM -0600, Doug Goldstein wrote:
>>> When allocating a pciback device fails, avoid the possibility of a
>>> use after free.
>>
>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>>
>> Ugh, and it looks like xen-blkfront has the same issue.
>
> <whew> Nope. No problems there.
>
> The ->probe if it fails (so xenbus_dev_probe returns the error)
> ends up in the 'probe_failed' label in really_probe which takes care by doing:
>
> dev_set_drvdata(dev, NULL);
>
> Wheew!
>
> either way the patch should go in, but the 'possibility' should
> be perhaps removed? Unless there is some other path I missed?
I put 'possibility' in there because it will only happen when the
function returns failure. I was also trying to not make it sound panicky
I guess. I can resubmit the patch with that word dropped if that's
desirable.
>
>>
>>>
>>> Reported-by: Jonathan Creekmore <jonathan.creekmore@gmail.com>
>>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
>>> ---
>>> drivers/xen/xen-pciback/xenbus.c | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c
>>> index 98bc345..4843741 100644
>>> --- a/drivers/xen/xen-pciback/xenbus.c
>>> +++ b/drivers/xen/xen-pciback/xenbus.c
>>> @@ -44,7 +44,6 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>>> dev_dbg(&xdev->dev, "allocated pdev @ 0x%p\n", pdev);
>>>
>>> pdev->xdev = xdev;
>>> - dev_set_drvdata(&xdev->dev, pdev);
>>>
>>> mutex_init(&pdev->dev_lock);
>>>
>>> @@ -58,6 +57,9 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>>> kfree(pdev);
>>> pdev = NULL;
>>> }
>>> +
>>> + dev_set_drvdata(&xdev->dev, pdev);
>>> +
>>> out:
>>> return pdev;
>>> }
>>> --
>>> 2.4.10
>>>
--
Doug Goldstein
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]
next prev parent reply other threads:[~2015-12-01 20:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-26 20:32 [PATCH] xen-pciback: fix up cleanup path when alloc fails Doug Goldstein
2015-11-30 21:09 ` Boris Ostrovsky
[not found] ` <20151201164717.GA5032@char.us.oracle.com>
2015-12-01 19:24 ` Doug Goldstein
[not found] ` <20151201193517.GA32573@char.us.oracle.com>
2015-12-01 20:54 ` Doug Goldstein [this message]
2015-12-02 10:35 ` David Vrabel
2015-12-02 14:56 ` Doug Goldstein
2015-12-14 16:08 ` [Xen-devel] " David Vrabel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=565E0909.2010009@cardoe.com \
--to=cardoe@cardoe.com \
--cc=bob.liu@oracle.com \
--cc=boris.ostrovsky@oracle.com \
--cc=david.vrabel@citrix.com \
--cc=jonathan.creekmore@gmail.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul.durrant@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox