xen-devel

[Top] [All Lists]

Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction

from [Daniel Stodden]

[Permanent Link][Original]

To:	Jan Beulich <JBeulich@xxxxxxxxxx>
Subject:	Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction.
From:	Daniel Stodden <daniel.stodden@xxxxxxxxxx>
Date:	Thu, 25 Feb 2010 01:57:19 -0800
Cc:	Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Jake Wires <Jake.Wires@xxxxxxxxxx>
Delivery-date:	Thu, 25 Feb 2010 02:05:21 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<4B8642D10200007800031353@xxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization:	Citrix VMD
References:	<4B85AE5C.8050603@xxxxxxxx> <1267053644.5962.409.camel@xxxxxxxxxxxxxxxxxxxxxxx> <4B85B58D.20204@xxxxxxxx> <1267056730.5962.596.camel@xxxxxxxxxxxxxxxxxxxxxxx> <1267056967.5962.616.camel@xxxxxxxxxxxxxxxxxxxxxxx> <1267057462.5962.660.camel@xxxxxxxxxxxxxxxxxxxxxxx> <4B8642D10200007800031353@xxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On Thu, 2010-02-25 at 03:28 -0500, Jan Beulich wrote:
> Wouldn't it be better to move blk_cleanup_queue() even before del_gendisk()?

No.

[2009-09-22 12:48:58 UTC] Call Trace:
[2009-09-22 12:48:58 UTC]  [<c01d0186>] ? sysfs_remove_dir+0x46/0xa0
[2009-09-22 12:48:58 UTC]  [<c020180f>] ? kobject_del+0xf/0x30
[2009-09-22 12:48:58 UTC]  [<c01f107c>] ? __elv_unregister_queue+0x1c/0x20
[2009-09-22 12:48:58 UTC]  [<c01f108f>] ? elv_unregister_queue+0xf/0x20
[2009-09-22 12:48:58 UTC]  [<c01f512a>] ? blk_unregister_queue+0x2a/0x70
[2009-09-22 12:48:58 UTC]  [<c01fa55a>] ? unlink_gendisk+0x2a/0x40
[2009-09-22 12:48:58 UTC]  [<c01c9b10>] ? del_gendisk+0x60/0xd0
[2009-09-22 12:48:58 UTC]  [<c028066e>] ? destroy_backdev+0x7e/0x100
[2009-09-22 12:48:58 UTC]  [<c027f05b>] ? tap_blkif_schedule+0x5cb/0x830
[2009-09-22 12:48:58 UTC]  [<c011ed51>] ? pick_next_task_fair+0x91/0xd0
[2009-09-22 12:48:58 UTC]  [<c013dd70>] ? autoremove_wake_function+0x0/0x50
[2009-09-22 12:48:58 UTC]  [<c027ea90>] ? tap_blkif_schedule+0x0/0x830
[2009-09-22 12:48:58 UTC]  [<c013da12>] ? kthread+0x42/0x70
[2009-09-22 12:48:58 UTC]  [<c013d9d0>] ? kthread+0x0/0x70
[2009-09-22 12:48:58 UTC]  [<c010561b>] ? kernel_thread_helper+0x7/0x10

changeset:   660:88fe4866b738
user:        Daniel Stodden <daniel.stodden@xxxxxxxxxx>
date:        Wed Oct 07 13:54:16 2009 -0700
files:       CA-32943-wild-ptr-deref.diff series
description:
CA-33070: Fix and reenable my broken CA-30953.diff & co.

A del_gendisk() definitely wants to find a queue on the disk. Which
in turn will have dropped to zero right after the cleanup
call. Because that crackbrained gendisk, as the only queue holder
which really matters in that entire game, is also the single entity
left short of maintaining that ref on its own here.

In summary, it apparently has to be *this* particular order.

+diff -r ebd0574c414a drivers/xen/blktap/backdev.c
+--- a/drivers/xen/blktap/backdev.c     Mon Sep 21 16:09:37 2009 -0700
++++ b/drivers/xen/blktap/backdev.c     Tue Sep 22 17:16:52 2009 -0700
+@@ -99,10 +99,9 @@
        spin_unlock_irq(&backdev_io_lock);
  
+       del_gendisk(info->gd);
 +      blk_cleanup_queue(info->gd->queue);
-+
-       del_gendisk(info->gd);
        put_disk(info->gd);
  
 -      blk_cleanup_queue(info->gd->queue);




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] Crash on blktap shutdown, Jeremy Fitzhardinge [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden [Xen-devel] Re: Crash on blktap shutdown, Jeremy Fitzhardinge [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Jan Beulich Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden <= Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden Re: [Xen-devel] Yet another [PATCH] blkfront: Fix wild ptr deref during device destruction., Daniel Stodden [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden Re: [Xen-devel] Re: Crash on blktap shutdown, Jeremy Fitzhardinge Re: [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden Re: [Xen-devel] Re: Crash on blktap shutdown, Jeremy Fitzhardinge Re: [Xen-devel] Re: Crash on blktap shutdown, Daniel Stodden Re: [Xen-devel] [PATCH] Re: Crash on blktap shutdown, Daniel Stodden Re: [Xen-devel] [PATCH] Re: Crash on blktap shutdown, Jeremy Fitzhardinge Re: [Xen-devel] [PATCH] Re: Crash on blktap shutdown, Daniel Stodden

Previous by Date:	RE: [Xen-devel] Crash during boot in Debian lenny default dom0 kernel (2.6.26-2-xen-686), Jiang, Yunhong
Next by Date:	Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden
Previous by Thread:	[Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Jan Beulich
Next by Thread:	Re: [Xen-devel] Re: [PATCH] Fix wild ptr deref during device destruction., Daniel Stodden
Indexes:	[Date] [Thread] [Top] [All Lists]