lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20121206162304.GA3989@aepfle.de>
Date:	Thu, 6 Dec 2012 17:23:04 +0100
From:	Olaf Hering <olaf@...fle.de>
To:	Jan Beulich <JBeulich@...e.com>
Cc:	konrad.wilk@...cle.com, xen-devel@...ts.xen.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] xen/blkback: prevent leak of mode during multiple
 backend_changed calls

On Wed, Dec 05, Jan Beulich wrote:

> >>> On 05.12.12 at 11:01, Olaf Hering <olaf@...fle.de> wrote:
> > backend_changed might be called multiple times, which will leak
> > be->mode. free the previous value before storing the current mode value.
> 
> As said before - this is one possible route to take. But did you
> consider at all the alternative of preventing the function from
> getting called more than once for a given device? As also said
> before, I think that would have other bad effects, and hence
> should be preferred (and would likely also result in a smaller
> patch).

Maybe it could be done like this, adding a flag to the backend device
and exit early if its called twice.

Olaf


diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
index a6585a4..2822e73 100644
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -28,6 +28,7 @@ struct backend_info {
 	unsigned		major;
 	unsigned		minor;
 	char			*mode;
+	unsigned		alive;
 };
 
 static struct kmem_cache *xen_blkif_cachep;
@@ -506,6 +507,9 @@ static void backend_changed(struct xenbus_watch *watch,
 
 	DPRINTK("");
 
+	if (be->alive)
+		return;
+
 	err = xenbus_scanf(XBT_NIL, dev->nodename, "physical-device", "%x:%x",
 			   &major, &minor);
 	if (XENBUS_EXIST_ERR(err)) {
@@ -548,8 +552,11 @@ static void backend_changed(struct xenbus_watch *watch,
 		char *p = strrchr(dev->otherend, '/') + 1;
 		long handle;
 		err = strict_strtoul(p, 0, &handle);
-		if (err)
+		if (err) {
+			kfree(be->mode);
+			be->mode = NULL;
 			return;
+		}
 
 		be->major = major;
 		be->minor = minor;
@@ -560,6 +567,8 @@ static void backend_changed(struct xenbus_watch *watch,
 			be->major = 0;
 			be->minor = 0;
 			xenbus_dev_fatal(dev, err, "creating vbd structure");
+			kfree(be->mode);
+			be->mode = NULL;
 			return;
 		}
 
@@ -569,10 +578,13 @@ static void backend_changed(struct xenbus_watch *watch,
 			be->major = 0;
 			be->minor = 0;
 			xenbus_dev_fatal(dev, err, "creating sysfs entries");
+			kfree(be->mode);
+			be->mode = NULL;
 			return;
 		}
 
 		/* We're potentially connected now */
+		be->alive = 1;
 		xen_update_blkif_status(be->blkif);
 	}
 }
-- 
1.8.0.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ