From: Jason Wang <jasowang@redhat.com>
To: Amit Shah <amit.shah@redhat.com>
Cc: stable@vger.kernel.org,
	Virtualization List <virtualization@lists.linux-foundation.org>
Subject: Re: [PATCH 03/10] virtio: console: clean up port data immediately at time of unplug
Date: Fri, 19 Jul 2013 13:11:54 +0800
Message-ID: <51E8CA9A.6070803__7548.25612898475$1374210747$gmane$org@redhat.com>
In-Reply-To: <20130719050252.GA3087@amit-x200.redhat.com>

On 07/19/2013 01:02 PM, Amit Shah wrote:
> On (Fri) 19 Jul 2013 [11:21:47], Jason Wang wrote:
>> On 07/19/2013 04:16 AM, Amit Shah wrote:
>
>>> diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
>>> index b04ec95..6bf0df3 100644
>>> --- a/drivers/char/virtio_console.c
>>> +++ b/drivers/char/virtio_console.c
>>> @@ -1501,14 +1501,6 @@ static void remove_port(struct kref *kref)
>>>  
>>>  	port = container_of(kref, struct port, kref);
>>>  
>>> -	sysfs_remove_group(&port->dev->kobj, &port_attribute_group);
>>> -	device_destroy(pdrvdata.class, port->dev->devt);
>>> -	cdev_del(port->cdev);
>>> -
>>> -	kfree(port->name);
>>> -
>>> -	debugfs_remove(port->debugfs_file);
>>> -
>>>  	kfree(port);
>>>  }
>>>  
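
Review bot: after this removal, remove_port() only does kfree(port), so any path that drops the last kref without first going through unplug_port() would leak port->name, the cdev, the device and the debugfs file. Please confirm that unplug_port() always runs before the final put, and add a comment above remove_port() stating that everything except the struct itself is released in unplug_port().
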
>>> @@ -1566,6 +1558,14 @@ static void unplug_port(struct port *port)
>>>  	 */
>>>  	port->portdev = NULL;
>>>  
>>> +	sysfs_remove_group(&port->dev->kobj, &port_attribute_group);
>>> +	device_destroy(pdrvdata.class, port->dev->devt);
>>> +	cdev_del(port->cdev);
>>> +
>>> +	kfree(port->name);
>>> +
>>> +	debugfs_remove(port->debugfs_file);
>>> +
>>>  	/*
>>>  	 * Locks around here are not necessary - a port can't be
>>>  	 * opened after we removed the port struct from ports_list
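
Review bot: in the lines added to unplug_port(), kfree(port->name) runs before debugfs_remove(port->debugfs_file), so the debugfs file still exists for a window in which the name is already freed; the reply below points out that the debugfs read path accesses port->name. Call debugfs_remove(port->debugfs_file) first, then kfree(port->name), and set port->name = NULL afterwards, because struct port now stays allocated until remove_port() runs on the last kref and would otherwise carry a dangling pointer. The same question applies to port->cdev and port->dev, which are destroyed here but left set in the struct.
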
>> Should we remove the debugfs file before kfree()? Otherwise it looks like a
>> use-after-free if a user accesses debugfs after kfree().
> It is removed before kfree() -- kfree() is called in remove_port(),
> which is called when all the references are dropped.  (Did you confuse
> kfree(port->name) with kfree(port)?)

Nope. Looks like port->name was accessed in debugfs_read()?
>
> Thanks,
>
> 		Amit
