Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2819798imu; Sun, 23 Dec 2018 08:30:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN5BvvOvUo/VRKuLIIaCq05Pr1txX6Kk4G/XaGPPZYZKXbybgaahK1xhVwOPGEXM5CYoh8hP X-Received: by 2002:a63:8f45:: with SMTP id r5mr9485860pgn.222.1545582630335; Sun, 23 Dec 2018 08:30:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545582630; cv=none; d=google.com; s=arc-20160816; b=bLtwgiMRU5CL5OPJf+HojkJY9IVUO1zx73m5h1llp0AwrFvHCu1NiEYmlobhsFOoa3 zwvXDGlNtkrp8a0no1GDyEgFS57lPfSk1O7+vJSB6TEqmLDvYN2+VGNbF9JitXaic1zX zHdEmVTw93aOw4hWr00jqpxSaxbJcT4Q1RZs/6ldApk5kcJ842gmkGu+ynSP5OuYiMhs nrB6LdI0zwA5RJtdOiWGTet7Ab8JskyApCvJEu6pVfpRbjCUgzv4Xw09VgAKBeqwZv/C n2v1pybOIHFh6ELFhCcTgzDaxCo7/qGItmcDQ/7gm1e1UotVHIBFQdEk6oM7h8Dnryrn MILQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=rVYygCu2GKdbmIvLfX0dVPWVWyHgIe+DS96RcQ5GOTM=; b=FSrgF2IDoNZCykP9a8BBPnwUDi92He4rG3cFbOl41eKBcKAumFKnqB7FfdUGlUAu+J pB3fycwH8/FNNU82ZdsJbSI6ekYYQ549rUX6D4EcoWON7Uj+D/xIzS0Hltcyq1IRDHD5 3Kk5JVEOZ3T8h5VwkXUTKl+Yz1/BK2Gg4L2zEfRF65lwZyXVPyMOd9ensvfSjL5QaIY1 99CLsOIuYKg4GEP1R/Xj+KFxLmf2g7YsWvfV74J68ZxoblLYmbcJEv0hCOtTqkKL8aX1 f679uiylrk75cH1vnj89BUdbpeeWmwFb0OFaHnWaGPrZOw33lDsL2uDAwUYVBngKbm4L rrTQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v185si6324987pfb.65.2018.12.23.08.30.14; Sun, 23 Dec 2018 08:30:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392794AbeLVTr6 (ORCPT + 99 others); Sat, 22 Dec 2018 14:47:58 -0500 Received: from gateway20.websitewelcome.com ([192.185.44.20]:27076 "EHLO gateway20.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733159AbeLVTr5 (ORCPT ); Sat, 22 Dec 2018 14:47:57 -0500 X-Greylist: delayed 1501 seconds by postgrey-1.27 at vger.kernel.org; Sat, 22 Dec 2018 14:47:57 EST Received: from cm11.websitewelcome.com (cm11.websitewelcome.com [100.42.49.5]) by gateway20.websitewelcome.com (Postfix) with ESMTP id 314F4400C647B for ; Sat, 22 Dec 2018 13:01:29 -0600 (CST) Received: from gator4166.hostgator.com ([108.167.133.22]) by cmsmtp with SMTP id amWfg1EcrdnCeamWfgAWRG; Sat, 22 Dec 2018 13:01:29 -0600 X-Authority-Reason: nr=8 Received: from [189.250.106.44] (port=38056 helo=[192.168.1.76]) by gator4166.hostgator.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from ) id 1gamWM-003ck2-Qy; Sat, 22 Dec 2018 13:01:28 -0600 Subject: Re: [PATCH] lightnvm: pblk: fix use-after-free bug To: =?UTF-8?Q?Matias_Bj=c3=b8rling?= , Igor Konopko , Jens Axboe Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org References: <20181222073952.GA11561@embeddedor> <1992ea52-cc13-c704-4653-7fbe667b1c5a@lightnvm.io> From: "Gustavo A. R. Silva" Message-ID: Date: Sat, 22 Dec 2018 13:01:09 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 In-Reply-To: <1992ea52-cc13-c704-4653-7fbe667b1c5a@lightnvm.io> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 189.250.106.44 X-Source-L: No X-Exim-ID: 1gamWM-003ck2-Qy X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: ([192.168.1.76]) [189.250.106.44]:38056 X-Source-Auth: gustavo@embeddedor.com X-Email-Count: 5 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/22/18 12:30 PM, Matias Bjørling wrote: > On 12/22/18 8:39 AM, Gustavo A. R. Silva wrote: >> Remove one of the calls to function bio_put(), so *bio* is only >> freed once. >> >> Notice that bio is being dereferenced in bio_put(), hence leading to >> a use-after-free bug once *bio* has already been freed. >> >> Addresses-Coverity-ID: 1475952 ("Use after free") >> Fixes: 55d8ec35398e ("lightnvm: pblk: support packed metadata") >> Signed-off-by: Gustavo A. R. Silva >> --- >>   drivers/lightnvm/pblk-recovery.c | 1 - >>   1 file changed, 1 deletion(-) >> >> diff --git a/drivers/lightnvm/pblk-recovery.c >> b/drivers/lightnvm/pblk-recovery.c >> index 3fcf062d752c..5ee20da7bdb3 100644 >> --- a/drivers/lightnvm/pblk-recovery.c >> +++ b/drivers/lightnvm/pblk-recovery.c >> @@ -418,7 +418,6 @@ static int pblk_recov_scan_oob(struct pblk *pblk, >> struct pblk_line *line, >>       if (ret) { >>           pblk_err(pblk, "I/O submission failed: %d\n", ret); >>           bio_put(bio); >> -        bio_put(bio); >>           return ret; >>       } >> > > Thanks Gustavo. I missed that one. > > Jens, if possible could you please pick this up? > > Happy holidays! > Glad to help. :) Happy holidays everybody. -- Gustavo