Re: [PATCH] xen-pciback: fix up cleanup path when alloc fails

From: Doug Goldstein
Date: Tue Dec 01 2015 - 15:57:15 EST


On 12/1/15 1:35 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Dec 01, 2015 at 11:47:17AM -0500, Konrad Rzeszutek Wilk wrote:
>> On Thu, Nov 26, 2015 at 02:32:39PM -0600, Doug Goldstein wrote:
>>> When allocating a pciback device fails, avoid the possibility of a
>>> use after free.
>>
>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
>>
>> Ugh, and it looks like xen-blkfront has the same issue.
>
> <whew> Nope. No problems there.
>
> The ->probe if it fails (so xenbus_dev_probe returns the error)
> ends up in the 'probe_failed' label in really_probe which takes care by doing:
>
> dev_set_drvdata(dev, NULL);
>
> Wheew!
>
> either way the patch should go in, but the 'possibility' should
> be perhaps removed? Unless there is some other path I missed?

I put 'possibility' in there because it will only happen when the
function returns failure. I was also trying to not make it sound panicky
I guess. I can resubmit the patch with that word dropped if that's
desirable.

>
>>
>>>
>>> Reported-by: Jonathan Creekmore <jonathan.creekmore@xxxxxxxxx>
>>> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx>
>>> ---
>>> drivers/xen/xen-pciback/xenbus.c | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c
>>> index 98bc345..4843741 100644
>>> --- a/drivers/xen/xen-pciback/xenbus.c
>>> +++ b/drivers/xen/xen-pciback/xenbus.c
>>> @@ -44,7 +44,6 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>>> dev_dbg(&xdev->dev, "allocated pdev @ 0x%p\n", pdev);
>>>
>>> pdev->xdev = xdev;
>>> - dev_set_drvdata(&xdev->dev, pdev);
>>>
>>> mutex_init(&pdev->dev_lock);
>>>
>>> @@ -58,6 +57,9 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev)
>>> kfree(pdev);
>>> pdev = NULL;
>>> }
>>> +
>>> + dev_set_drvdata(&xdev->dev, pdev);
>>> +
>>> out:
>>> return pdev;
>>> }
>>> --
>>> 2.4.10
>>>


--
Doug Goldstein

Attachment: signature.asc
Description: OpenPGP digital signature