From mboxrd@z Thu Jan  1 00:00:00 1970
From: Doug Goldstein <cardoe@cardoe.com>
Subject: Re: [PATCH] xen-pciback: fix up cleanup path when alloc
	fails
Date: Tue, 1 Dec 2015 14:54:33 -0600
Message-ID: <565E0909.2010009__9308.67467909611$1449003538$gmane$org@cardoe.com>
References: <1448569959-7245-1-git-send-email-cardoe@cardoe.com>
	<20151201164717.GA5032@char.us.oracle.com>
	<20151201193517.GA32573@char.us.oracle.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7748422331343472704=="
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <cardoe@cardoe.com>) id 1a3rz5-0006QX-AH
	for xen-devel@lists.xenproject.org; Tue, 01 Dec 2015 20:57:11 +0000
Received: by ykdr82 with SMTP id r82so22923771ykd.3
	for <xen-devel@lists.xenproject.org>;
	Tue, 01 Dec 2015 12:57:08 -0800 (PST)
In-Reply-To: <20151201193517.GA32573@char.us.oracle.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Wei Liu <wei.liu2@citrix.com>, Jonathan Creekmore <jonathan.creekmore@gmail.com>, linux-kernel@vger.kernel.org, Paul Durrant <paul.durrant@citrix.com>, David Vrabel <david.vrabel@citrix.com>, xen-devel@lists.xenproject.org, Boris Ostrovsky <boris.ostrovsky@oracle.com>
List-Id: xen-devel@lists.xenproject.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7748422331343472704==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="FJrWDUfBwJuGdXCK968KuCSHXDM2OXEV7"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FJrWDUfBwJuGdXCK968KuCSHXDM2OXEV7
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 12/1/15 1:35 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Dec 01, 2015 at 11:47:17AM -0500, Konrad Rzeszutek Wilk wrote:
>> On Thu, Nov 26, 2015 at 02:32:39PM -0600, Doug Goldstein wrote:
>>> When allocating a pciback device fails, avoid the possibility of a
>>> use after free.
>>
>> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>>
>> Ugh, and it looks like xen-blkfront has the same issue.
>=20
> <whew> Nope. No problems there.
>=20
> The ->probe if it fails (so xenbus_dev_probe returns the error)
> ends up in the 'probe_failed' label in really_probe which takes care by=
 doing:
>=20
> dev_set_drvdata(dev, NULL);
>=20
> Wheew!
>=20
> either way the patch should go in, but the 'possibility' should
> be perhaps removed? Unless there is some other path I missed?

I put 'possibility' in there because it will only happen when the
function returns failure. I was also trying to not make it sound panicky
I guess. I can resubmit the patch with that word dropped if that's
desirable.

>=20
>>
>>>
>>> Reported-by: Jonathan Creekmore <jonathan.creekmore@gmail.com>
>>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
>>> ---
>>>  drivers/xen/xen-pciback/xenbus.c | 4 +++-
>>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciba=
ck/xenbus.c
>>> index 98bc345..4843741 100644
>>> --- a/drivers/xen/xen-pciback/xenbus.c
>>> +++ b/drivers/xen/xen-pciback/xenbus.c
>>> @@ -44,7 +44,6 @@ static struct xen_pcibk_device *alloc_pdev(struct x=
enbus_device *xdev)
>>>  	dev_dbg(&xdev->dev, "allocated pdev @ 0x%p\n", pdev);
>>> =20
>>>  	pdev->xdev =3D xdev;
>>> -	dev_set_drvdata(&xdev->dev, pdev);
>>> =20
>>>  	mutex_init(&pdev->dev_lock);
>>> =20
>>> @@ -58,6 +57,9 @@ static struct xen_pcibk_device *alloc_pdev(struct x=
enbus_device *xdev)
>>>  		kfree(pdev);
>>>  		pdev =3D NULL;
>>>  	}
>>> +
>>> +	dev_set_drvdata(&xdev->dev, pdev);
>>> +
>>>  out:
>>>  	return pdev;
>>>  }
>>> --=20
>>> 2.4.10
>>>


--=20
Doug Goldstein


--FJrWDUfBwJuGdXCK968KuCSHXDM2OXEV7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWXgkLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNTM5MEQ2RTNFMTkyNzlCNzVDMzIwOTVB
MkJDMDNEQzg3RUQxQkQ0AAoJEKK8A9yH7RvUj30P/0clTylhvvCchX6m0OZhUqG6
rbdKyFqhiYX7w+tK0BASp07AHvIx5hnoU9HQ/9QALaJrCcTEZp37aON8zvpM0GIV
nky/1aFYl/vgjPUtCyZISPp/CA+dPsBHj31gTTo9YBooxMBcU57Gp9WgsOEXi7al
FpvKgP/QafZQ9TDvXB2OxqyF2AywQfRHMLMTJuw67G1CN5hdmiZhWMpmrggLJDlB
tw9iivFGnJQWaRpPuVH46F/V4KDe7ZLHU3v0BUH2pnikHkVM3KU+Cr5f6pjlKFAD
6mway2DlM7GrDT2jVbMsNsZ+B8S1piyNM6ZRMbCa9ZkOKPvVMaCOzepJq1lg8Ne7
UVNJo4fjulLsB99VEtGwaBsr0KD37lbYXHWtb1w/NtMm8TYfneucFtyRAxjSzn+k
leAiQwpAFOfmT9Vu912LeSDuWq3DcNS4OaZ1OX/1EVSeLoH9zyr1u5Ol/KCYWgTD
hZm2myS66ir2lAjvFxAkDv7J6E5z3tAaatyLy+Uu6K5YWkVhW95WhxyCwRDsWir6
Shynf060s+ePkGCAjH34swYVmXBLJepWv+cqCMOFMs0tbek9jWg9eBC3OVe1+ik7
p/lBlYFBgcbZS/6JLF0yP8o7xoxXgZb4i6prWGcBd4lX4mWU/uc/j5v5o5bmYL9g
Wb6z9IpOOKZWhfj0WTp+
=yuwn
-----END PGP SIGNATURE-----

--FJrWDUfBwJuGdXCK968KuCSHXDM2OXEV7--


--===============7748422331343472704==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============7748422331343472704==--