Re: [PATCH] xen-pciback: fix up cleanup path when alloc fails
From: Doug Goldstein
Date: Tue Dec 01 2015 - 14:24:41 EST
On 12/1/15 10:47 AM, Konrad Rzeszutek Wilk wrote:
> On Thu, Nov 26, 2015 at 02:32:39PM -0600, Doug Goldstein wrote:
>> When allocating a pciback device fails, avoid the possibility of a
>> use after free.
>
> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>
> Ugh, and it looks like xen-blkfront has the same issue.
I believe that case is covered because xen_blkbk_remove() is called in
all the failure cases of xen_blkbk_probe() in that case.
>
>>
>> Reported-by: Jonathan Creekmore <jonathan.creekmore@xxxxxxxxx>
>> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx>
>> ---
>> drivers/xen/xen-pciback/xenbus.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c
>> index 98bc345..4843741 100644
>> --- a/drivers/xen/xen-pciback/xenbus.c
>> +++ b/drivers/xen/xen-pciback/xenbus.c
>> @@ -44,7 +44,6 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>> dev_dbg(&xdev->dev, "allocated pdev @ 0x%p\n", pdev);
>>
>> pdev->xdev = xdev;
>> - dev_set_drvdata(&xdev->dev, pdev);
>>
>> mutex_init(&pdev->dev_lock);
>>
>> @@ -58,6 +57,9 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>> kfree(pdev);
>> pdev = NULL;
>> }
>> +
>> + dev_set_drvdata(&xdev->dev, pdev);
>> +
>> out:
>> return pdev;
>> }
>> --
>> 2.4.10
>>
--
Doug Goldstein
Attachment:
signature.asc
Description: OpenPGP digital signature