Re: [PATCH] xen/blkback: prevent leak of mode during multiplebackend_changed calls

From: Olaf Hering
Date: Thu Dec 06 2012 - 11:22:57 EST

Next message: Heinz Diehl: "Re: i915 freakout with latest 3.7 git"
Previous message: Tim Gardner: "[PATCH 3.7-rc8] ttm: Fix possible _manager memory allocation oops"
In reply to: Jan Beulich: "Re: [PATCH] xen/blkback: prevent leak of mode during multiplebackend_changed calls"
Next in thread: Jan Beulich: "Re: [PATCH] xen/blkback: prevent leak of mode during multiplebackend_changed calls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 05, Jan Beulich wrote:

> >>> On 05.12.12 at 11:01, Olaf Hering <olaf@xxxxxxxxx> wrote:
> > backend_changed might be called multiple times, which will leak
> > be->mode. free the previous value before storing the current mode value.
>
> As said before - this is one possible route to take. But did you
> consider at all the alternative of preventing the function from
> getting called more than once for a given device? As also said
> before, I think that would have other bad effects, and hence
> should be preferred (and would likely also result in a smaller
> patch).

Maybe it could be done like this, adding a flag to the backend device
and exit early if its called twice.

Olaf

diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
index a6585a4..2822e73 100644
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -28,6 +28,7 @@ struct backend_info {
unsigned major;
unsigned minor;
char *mode;
+ unsigned alive;
};

static struct kmem_cache *xen_blkif_cachep;
@@ -506,6 +507,9 @@ static void backend_changed(struct xenbus_watch *watch,

DPRINTK("");

+ if (be->alive)
+ return;
+
err = xenbus_scanf(XBT_NIL, dev->nodename, "physical-device", "%x:%x",
&major, &minor);
if (XENBUS_EXIST_ERR(err)) {
@@ -548,8 +552,11 @@ static void backend_changed(struct xenbus_watch *watch,
char *p = strrchr(dev->otherend, '/') + 1;
long handle;
err = strict_strtoul(p, 0, &handle);
- if (err)
+ if (err) {
+ kfree(be->mode);
+ be->mode = NULL;
return;
+ }

be->major = major;
be->minor = minor;
@@ -560,6 +567,8 @@ static void backend_changed(struct xenbus_watch *watch,
be->major = 0;
be->minor = 0;
xenbus_dev_fatal(dev, err, "creating vbd structure");
+ kfree(be->mode);
+ be->mode = NULL;
return;
}

@@ -569,10 +578,13 @@ static void backend_changed(struct xenbus_watch *watch,
be->major = 0;
be->minor = 0;
xenbus_dev_fatal(dev, err, "creating sysfs entries");
+ kfree(be->mode);
+ be->mode = NULL;
return;
}

/* We're potentially connected now */
+ be->alive = 1;
xen_update_blkif_status(be->blkif);
}
}
--
1.8.0.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Heinz Diehl: "Re: i915 freakout with latest 3.7 git"
Previous message: Tim Gardner: "[PATCH 3.7-rc8] ttm: Fix possible _manager memory allocation oops"
In reply to: Jan Beulich: "Re: [PATCH] xen/blkback: prevent leak of mode during multiplebackend_changed calls"
Next in thread: Jan Beulich: "Re: [PATCH] xen/blkback: prevent leak of mode during multiplebackend_changed calls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]