Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp2714362ybj; Mon, 23 Sep 2019 08:15:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqweBn/mOuB+uU6/drBaD8MKnJB2rWLjVNPWuM+NpIbskWS6+allD9/554FgBZ1dfdd4cEmG X-Received: by 2002:a50:8b61:: with SMTP id l88mr613575edl.244.1569251723192; Mon, 23 Sep 2019 08:15:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569251723; cv=none; d=google.com; s=arc-20160816; b=Kf2hzEd4a6bBEY8mCPZsqr7sTUx/8RSazXLl9YIMRAY2Km7daBJ4yvaYrowbBPNB+T W0XaOjYW703285fxVqnQsmhjUeKaichvc1qU4Sf0D8mlN697PcYTPp7Zu4T4CHEBoaux AtJh2sEHQMRstYqAfc7/XyK3WE7Ovj8gUgu0JOqqw+yF/SRqOwjouuOazQbb9il41hGn E8YCC6esYOb899yuzBvsfanjWzmcUEPHaTEtcUzgvgDyY/J4gOd7Z1AbGyoGMqXtzQBf PJ1gtBnYQfaIW7Hs4AoaI7pls91E63l65MhHQXpAGITKs5G31Eyp9Rzv8fUDV5aJUi/A J0WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=xh0O0ljNRWWaiIjPMjX+H9AUcNaF6AB12lTok8pYyQE=; b=yyvgH7LqA7a91y/XmekvrMskMu1ueSBXMxGAubCprbFuOzLmxfuVMR8CGq77biU6/V XHOqJT+JMHe9OX4ZeFWT0YvwkdJsibZEDTAqPWpa0HJQ1FL87bkpeeI0GCpS7LkdRF9M 4gWfv0r8dFluPkradQNnsTjilQOkOfNQKnm1QihPmJ3+Av4KoS0zLLpp1rQAe68QFBSH CD87fLf5rU9brBKACERkCQ2JE5zJnsV48sANmXU1HWecVWBxkOGN82O/3HiSmvxHiI4p RXXYf/IpskxK9sDKcjG2YRUhnfNNPtIx/VkP+Q7KIYGU6TEeypWrVFJY3ureTTljE9vD VVtg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j13si2541238ejb.98.2019.09.23.08.14.59; Mon, 23 Sep 2019 08:15:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727227AbfIVCid (ORCPT + 99 others); Sat, 21 Sep 2019 22:38:33 -0400 Received: from mx1.redhat.com ([209.132.183.28]:39534 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727070AbfIVCid (ORCPT ); Sat, 21 Sep 2019 22:38:33 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DB2243086218; Sun, 22 Sep 2019 02:38:32 +0000 (UTC) Received: from [10.72.12.58] (ovpn-12-58.pek2.redhat.com [10.72.12.58]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7E5B85D9E2; Sun, 22 Sep 2019 02:38:28 +0000 (UTC) Subject: Re: [PATCH RESEND] nbd: avoid losing pointer to reallocated config->socks in nbd_add_socket To: Eugene Syromiatnikov , linux-block@vger.kernel.org, Josef Bacik , nbd@other.debian.org Cc: linux-kernel@vger.kernel.org, Jens Axboe References: <20190920160644.GA15739@asgard.redhat.com> From: Xiubo Li Message-ID: Date: Sun, 22 Sep 2019 10:38:24 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20190920160644.GA15739@asgard.redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Sun, 22 Sep 2019 02:38:32 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019/9/21 0:06, Eugene Syromiatnikov wrote: > In the (very unlikely) case of config->socks reallocation success > and nsock allocation failure config->nsock will not get updated > with the new pointer to socks array. Fix it by updating config->socks > right after reallocation successfulness check. > > Fixes: 9561a7ade0c2 ("nbd: add multi-connection support") > Signed-off-by: Eugene Syromiatnikov > Cc: stable@vger.kernel.org # 4.10+ > --- > drivers/block/nbd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c > index a8e3815..a04c686 100644 > --- a/drivers/block/nbd.c > +++ b/drivers/block/nbd.c > @@ -987,14 +987,14 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg, > sockfd_put(sock); > return -ENOMEM; > } > + config->socks = socks; > + > nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL); > if (!nsock) { > sockfd_put(sock); > return -ENOMEM; > } > > - config->socks = socks; > - This makes sense. If the socks allocating successes, then the old config->socks will be freed by krealloc() and return the new one, but if the nsock allocating fails, the config->socks will hold the released memory, which may cause the kernel crash. Thanks BRs > nsock->fallback_index = -1; > nsock->dead = false; > mutex_init(&nsock->tx_lock);