Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp6560892imb; Fri, 8 Mar 2019 23:19:02 -0800 (PST) X-Google-Smtp-Source: APXvYqygqXJH/N7Um95L8O0A+oOY4KHKv3H9O9nkXx2CGHUmWJZto9/jdMd/SoZUO9i6U1me0spx X-Received: by 2002:a17:902:7615:: with SMTP id k21mr23409564pll.152.1552115942914; Fri, 08 Mar 2019 23:19:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1552115942; cv=none; d=google.com; s=arc-20160816; b=VhKHj7wavSBmhwmrQtkWzjEGxloMZ0Wfyu25K0YWLiF1cN6CCeExOzxtVPaOMqXRpc DVKK4I7HApiMQx2VDYwcEEB/m7LRm2VhGAwRd+fak/DL9ka0UxJSuQpCThhOGVYRDDWi lxJ4pIE3d8ThVWM+UplCGQOOu3Nnvnzlqzw8Osl/HixUgm5jLtojtcci57tzalhXvRMq UBzI/9jFiQSbiCfwI3yrgg4DX90IBluKNxT3ifD8GNSNEIE8f9tRyBZvcaiMSJ/ySEs7 WWIc4lUWzPIJPeuA3oyhTXUtK8e2NzE03S9uuUqJgzSoXYzFXTWHpkHRNDwYvht4yW4U FR0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from; bh=9QOJfrxhV296P8DasI2H/PT/72m6x/xE41panMZjOHs=; b=haGeJjMlKp7tBG/vruMBMojMBSoDm4IJldymG5JVknBvTJARpozxbrpHtfkK/BytEl VGSxbKj3Dt8w1VmNRMu8QL+Z00BbfiSlTL7Kfme1z9u7Q/w0UkUP36Vi42kEmLP3Efin nvwu+AmVzk+Yi56Rfbc/wo+p/gCtPAIa5ZaydCFSiumMV1iVv2B091vf+3TgK60tRPtv M/Lp+aPB9C8iVT/f3408FpDfQxC3h21Vu19RJvszYU0D2FeGD1+iqs9pWNQBAP4DK74s ESKU0oGT1FafK7LslgPRdcQooyK2M/bGQh7U685urHBf1S5cRINEZHRJkS84VfDmJ2Jb kXcQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p87si9085585pfa.48.2019.03.08.23.18.47; Fri, 08 Mar 2019 23:19:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726750AbfCIHSI (ORCPT + 99 others); Sat, 9 Mar 2019 02:18:08 -0500 Received: from szxga06-in.huawei.com ([45.249.212.32]:45482 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725787AbfCIHSI (ORCPT ); Sat, 9 Mar 2019 02:18:08 -0500 Received: from DGGEMS401-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id A845633CF4A8AD12130D; Sat, 9 Mar 2019 15:18:05 +0800 (CST) Received: from localhost (10.177.246.209) by DGGEMS401-HUB.china.huawei.com (10.3.19.201) with Microsoft SMTP Server id 14.3.408.0; Sat, 9 Mar 2019 15:17:57 +0800 From: "Longpeng(Mike)" To: , CC: , , Longpeng , Gonglei Subject: [PATCH] virtio_pci: fix a NULL pointer reference in vp_del_vqs Date: Sat, 9 Mar 2019 15:17:40 +0800 Message-ID: <1552115860-328324-1-git-send-email-longpeng2@huawei.com> X-Mailer: git-send-email 1.8.4.msysgit.0 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.177.246.209] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Longpeng If the msix_affinity_masks is alloced failed, then we'll try to free some resources in vp_free_vectors() that may access it directly. We met the following stack in our production: [ 29.296767] BUG: unable to handle kernel NULL pointer dereference at (null) [ 29.311151] IP: [] vp_free_vectors+0x6a/0x150 [virtio_pci] [ 29.324787] PGD 0 [ 29.333224] Oops: 0000 [#1] SMP [...] [ 29.425175] RIP: 0010:[] [] vp_free_vectors+0x6a/0x150 [virtio_pci] [ 29.441405] RSP: 0018:ffff9a55c2dcfa10 EFLAGS: 00010206 [ 29.453491] RAX: 0000000000000000 RBX: ffff9a55c322c400 RCX: 0000000000000000 [ 29.467488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9a55c322c400 [ 29.481461] RBP: ffff9a55c2dcfa20 R08: 0000000000000000 R09: ffffc1b6806ff020 [ 29.495427] R10: 0000000000000e95 R11: 0000000000aaaaaa R12: 0000000000000000 [ 29.509414] R13: 0000000000010000 R14: ffff9a55bd2d9e98 R15: ffff9a55c322c400 [ 29.523407] FS: 00007fdcba69f8c0(0000) GS:ffff9a55c2840000(0000) knlGS:0000000000000000 [ 29.538472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.551621] CR2: 0000000000000000 CR3: 000000003ce52000 CR4: 00000000003607a0 [ 29.565886] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.580055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.594122] Call Trace: [ 29.603446] [] vp_request_msix_vectors+0xe2/0x260 [virtio_pci] [ 29.618017] [] vp_try_to_find_vqs+0x95/0x3b0 [virtio_pci] [ 29.632152] [] vp_find_vqs+0x37/0xb0 [virtio_pci] [ 29.645582] [] init_vq+0x153/0x260 [virtio_blk] [ 29.658831] [] virtblk_probe+0xe8/0x87f [virtio_blk] [...] Cc: Gonglei Signed-off-by: Longpeng --- drivers/virtio/virtio_pci_common.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c index d0584c0..7a0398b 100644 --- a/drivers/virtio/virtio_pci_common.c +++ b/drivers/virtio/virtio_pci_common.c @@ -255,9 +255,11 @@ void vp_del_vqs(struct virtio_device *vdev) for (i = 0; i < vp_dev->msix_used_vectors; ++i) free_irq(pci_irq_vector(vp_dev->pci_dev, i), vp_dev); - for (i = 0; i < vp_dev->msix_vectors; i++) - if (vp_dev->msix_affinity_masks[i]) - free_cpumask_var(vp_dev->msix_affinity_masks[i]); + if (vp_dev->msix_affinity_masks) { + for (i = 0; i < vp_dev->msix_vectors; i++) + if (vp_dev->msix_affinity_masks[i]) + free_cpumask_var(vp_dev->msix_affinity_masks[i]); + } if (vp_dev->msix_enabled) { /* Disable the vector used for configuration */ -- 1.8.3.1