re: xen-blkback: move free persistent grants code

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

* re: xen-blkback: move free persistent grants code
@ 2012-12-03 21:11 Dan Carpenter
  2012-12-03 21:14 ` Dan Carpenter
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2012-12-03 21:11 UTC (permalink / raw)
  To: roger.pau; +Cc: xen-devel, virtualization

Hello Roger Pau Monne,

The patch 4d4f270f1880: "xen-blkback: move free persistent grants
code" from Nov 16, 2012, leads to the following warning:
drivers/block/xen-blkback/blkback.c:238 free_persistent_gnts()
	 warn: 'persistent_gnt' was already freed.

drivers/block/xen-blkback/blkback.c
   232                  pages[segs_to_unmap] = persistent_gnt->page;
   233                  rb_erase(&persistent_gnt->node, root);
   234                  kfree(persistent_gnt);
                        ^^^^^^^^^^^^^^^^^^^^
kfree();

   235                  num--;
   236  
   237                  if (++segs_to_unmap == BLKIF_MAX_SEGMENTS_PER_REQUEST ||
   238                          !rb_next(&persistent_gnt->node)) {
                                         ^^^^^^^^^^^^^^^^^^^^^
Dereferenced inside the call to rb_next().

   239                          ret = gnttab_unmap_refs(unmap, NULL, pages,
   240                                  segs_to_unmap);

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: xen-blkback: move free persistent grants code
  2012-12-03 21:11 xen-blkback: move free persistent grants code Dan Carpenter
@ 2012-12-03 21:14 ` Dan Carpenter
  0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2012-12-03 21:14 UTC (permalink / raw)
  To: roger.pau; +Cc: xen-devel, virtualization

On Tue, Dec 04, 2012 at 12:11:48AM +0300, Dan Carpenter wrote:
> Hello Roger Pau Monne,
> 
> The patch 4d4f270f1880: "xen-blkback: move free persistent grants
> code" from Nov 16, 2012, leads to the following warning:
> drivers/block/xen-blkback/blkback.c:238 free_persistent_gnts()
> 	 warn: 'persistent_gnt' was already freed.
> 
> drivers/block/xen-blkback/blkback.c
>    232                  pages[segs_to_unmap] = persistent_gnt->page;
>    233                  rb_erase(&persistent_gnt->node, root);
>    234                  kfree(persistent_gnt);
>                         ^^^^^^^^^^^^^^^^^^^^
> kfree();
> 

Also persistent_gnt is the list iterator inside a foreach_grant()
loop.  It needs a _safe() version like list_for_each_safe() where it
saves the next entry in the list at the start so we don't
dereference a freed entry.

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-12-03 21:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-03 21:11 xen-blkback: move free persistent grants code Dan Carpenter
2012-12-03 21:14 ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).