On 12/1/15 10:47 AM, Konrad Rzeszutek Wilk wrote: > On Thu, Nov 26, 2015 at 02:32:39PM -0600, Doug Goldstein wrote: >> When allocating a pciback device fails, avoid the possibility of a >> use after free. > > Reviewed-by: Konrad Rzeszutek Wilk > > Ugh, and it looks like xen-blkfront has the same issue. I believe that case is covered because xen_blkbk_remove() is called in all the failure cases of xen_blkbk_probe() in that case. > >> >> Reported-by: Jonathan Creekmore >> Signed-off-by: Doug Goldstein >> --- >> drivers/xen/xen-pciback/xenbus.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c >> index 98bc345..4843741 100644 >> --- a/drivers/xen/xen-pciback/xenbus.c >> +++ b/drivers/xen/xen-pciback/xenbus.c >> @@ -44,7 +44,6 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev) >> dev_dbg(&xdev->dev, "allocated pdev @ 0x%p\n", pdev); >> >> pdev->xdev = xdev; >> - dev_set_drvdata(&xdev->dev, pdev); >> >> mutex_init(&pdev->dev_lock); >> >> @@ -58,6 +57,9 @@ static struct xen_pcibk_device *alloc_pdev(struct xenbus_device *xdev) >> kfree(pdev); >> pdev = NULL; >> } >> + >> + dev_set_drvdata(&xdev->dev, pdev); >> + >> out: >> return pdev; >> } >> -- >> 2.4.10 >> -- Doug Goldstein
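Review bot: In the second hunk, the relocated dev_set_drvdata(&xdev->dev, pdev) sits after the failure branch, so it also runs with pdev == NULL right after kfree(pdev). That is what keeps drvdata from pointing at freed memory, but it is not obvious from the code. A short comment above the call saying it deliberately stores NULL on failure, or a sentence in the commit message describing how the stale pointer could be reached, would make the intent clear. Because the call is placed before the out: label, any earlier goto out skips it and leaves drvdata as it was, so confirm that every such path is taken before drvdata could have been set. Also check that nothing between the old call site (after pdev->xdev = xdev) and the new one reads drvdata, since it is now unset during that window.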