From: Stefan Hajnoczi <stefanha@gmail.com>
To: "Adalbert Lazăr" <alazar@bitdefender.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>,
	"David S . Miller" <davem@davemloft.net>,
	Stefano Garzarella <sgarzare@redhat.com>,
	virtualization@lists.linux-foundation.org, kvm@vger.kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
Date: Wed, 6 Mar 2019 08:41:04 +0000	[thread overview]
Message-ID: <20190306084104.GA22159@stefanha-x1.localdomain> (raw)
In-Reply-To: <20190305180145.27161-1-alazar@bitdefender.com>


On Tue, Mar 05, 2019 at 08:01:45PM +0200, Adalbert Lazăr wrote:

Thanks for the patch, Adalbert!  Please add a Signed-off-by tag so your
patch can be merged (see Documentation/process/submitting-patches.rst
Chapter 11 for details on the Developer's Certificate of Origin).

>  static int virtio_transport_reset_no_sock(struct virtio_vsock_pkt *pkt)
>  {
> +	const struct virtio_transport *t;
>  	struct virtio_vsock_pkt_info info = {
>  		.op = VIRTIO_VSOCK_OP_RST,
>  		.type = le16_to_cpu(pkt->hdr.type),
> @@ -680,7 +681,11 @@ static int virtio_transport_reset_no_sock(struct virtio_vsock_pkt *pkt)
>  	if (!pkt)
>  		return -ENOMEM;
>  
> -	return virtio_transport_get_ops()->send_pkt(pkt);
> +	t = virtio_transport_get_ops();
> +	if (!t)
> +		return -ENOTCONN;
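Review bot: the new `if (!t) return -ENOTCONN;` path leaks the reply packet. By this point `pkt` no longer refers to the received packet: the `if (!pkt) return -ENOMEM;` check just above shows it has been reassigned to a freshly allocated reply, and that reply is only released when it is handed to `send_pkt()`. Free it before returning, e.g. `virtio_transport_free_pkt(pkt);` ahead of the `return -ENOTCONN;`, or better, keep the reply in a separate variable so the reuse of `pkt` is not hidden. The patch also lacks a Signed-off-by line, which is required for it to be merged.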

pkt is leaked here.  This is an easy mistake to make because the code is
unclear.  The pkt argument is the received packet that we must reply to.
The reply packet is allocated just before line 680 and must be freed
explicitly for return -ENOTCONN.

You can avoid the leak and make the code easier to read like this:

  struct virtio_vsock_pkt *reply;

  ...

     ------ avoid reusing 'pkt'
    v
  reply = virtio_transport_alloc_pkt(&info, 0, ...);
  if (!reply)
      return -ENOMEM;

  t = virtio_transport_get_ops();
  if (!t) {
      virtio_transport_free_pkt(reply); <-- prevent memory leak
      return -ENOTCONN;
  }
  return t->send_pkt(reply);

Stefan
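The leak-on-error pattern discussed in this reply, as an added example that is not part of the thread and not the kernel's code: a small C model with a counting allocator, so the reply packet left behind on the no-transport path shows up as a non-zero live-allocation count. Every name in it (mock_pkt, mock_transport, mock_alloc_pkt, mock_free_pkt, reset_leaky, reset_fixed, leaked_after_reset) is constructed for the illustration and stands in for the vsock structures and helpers named above; the real code lives in the kernel's virtio transport, not here.

```c
/* Added example, not kernel code: models the error path discussed above with
 * a counting allocator so the leak becomes measurable. Every name here
 * (mock_pkt, mock_transport, reset_leaky, reset_fixed, leaked_after_reset)
 * is constructed for this illustration. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for struct virtio_vsock_pkt: only the field this demo needs. */
struct mock_pkt {
    unsigned short type;
};

/* Stand-in for struct virtio_transport: just the send_pkt callback. */
struct mock_transport {
    int (*send_pkt)(struct mock_pkt *pkt);
};

/* Live-allocation counter: alloc increments, free decrements. A non-zero
 * value after a reset call means that call leaked a packet. */
static int live_pkts;

static struct mock_pkt *mock_alloc_pkt(unsigned short type)
{
    struct mock_pkt *p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    p->type = type;
    live_pkts++;
    return p;
}

static void mock_free_pkt(struct mock_pkt *p)
{
    if (p) {
        live_pkts--;
        free(p);
    }
}

/* send_pkt takes ownership of the reply and releases it once "sent". */
static int mock_send_pkt(struct mock_pkt *p)
{
    mock_free_pkt(p);
    return 0;
}

/* NULL models the "no transport registered" case the patch guards against. */
static const struct mock_transport *current_transport;

/* Mirrors the posted hunk: the reply is allocated, then the transport check
 * returns without freeing it. */
static int reset_leaky(const struct mock_pkt *received)
{
    const struct mock_transport *t;
    struct mock_pkt *reply = mock_alloc_pkt(received->type);

    if (!reply)
        return -ENOMEM;
    t = current_transport;
    if (!t)
        return -ENOTCONN;   /* reply is still live: leaked */
    return t->send_pkt(reply);
}

/* Follows the review suggestion: a separate 'reply' variable and an explicit
 * free on the no-transport path. */
static int reset_fixed(const struct mock_pkt *received)
{
    const struct mock_transport *t;
    struct mock_pkt *reply = mock_alloc_pkt(received->type);

    if (!reply)
        return -ENOMEM;
    t = current_transport;
    if (!t) {
        mock_free_pkt(reply);   /* we still own the reply: release it */
        return -ENOTCONN;
    }
    return t->send_pkt(reply);
}

/* Run one reset variant on a constructed received packet, with or without a
 * transport registered, and return how many packets are still live. */
static int leaked_after_reset(int (*reset)(const struct mock_pkt *), int have_transport)
{
    static const struct mock_transport t = { .send_pkt = mock_send_pkt };
    struct mock_pkt received = { .type = 1 };   /* constructed input */

    live_pkts = 0;
    current_transport = have_transport ? &t : NULL;
    (void)reset(&received);
    return live_pkts;
}

int main(void)
{
    printf("leaky, no transport: %d live\n", leaked_after_reset(reset_leaky, 0));
    printf("fixed, no transport: %d live\n", leaked_after_reset(reset_fixed, 0));
    printf("fixed, transport ok: %d live\n", leaked_after_reset(reset_fixed, 1));
    return 0;
}
```

The counter is the whole point: with a transport present both variants hand the reply to send_pkt() and end at zero, but with no transport the leaky variant ends at one, which is exactly the packet the review asks the patch to free. The same counting trick is what kmemleak or a KASAN build would surface in the real driver; the model just makes it visible without a kernel.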
