Re: [PATCH] nbd: Fix NULL pointer in flush_workqueue

To: Sun Ke <sunke32@huawei.com>, linux-block@vger.kernel.org, nbd@other.debian.org
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Jens Axboe <axboe@kernel.dk>, Josef Bacik <josef@toxicpanda.com>
Subject: Re: [PATCH] nbd: Fix NULL pointer in flush_workqueue
From: Markus Elfring <Markus.Elfring@web.de>
Date: Thu, 28 Jan 2021 20:42:51 +0100
Message-id: <[🔎] 1739e522-5980-f86e-cb90-19b61539a5cf@web.de>
In-reply-to: <[🔎] 20210128074153.1633374-1-sunke32@huawei.com>
References: <[🔎] 20210128074153.1633374-1-sunke32@huawei.com>

…
> +++ b/drivers/block/nbd.c
> @@ -2011,12 +2011,20 @@ static int nbd_genl_disconnect(struct sk_buff *skb, struct genl_info *info)
>  		       index);
>  		return -EINVAL;
>  	}
> +	mutex_lock(&nbd->config_lock);
>  	if (!refcount_inc_not_zero(&nbd->refs)) {
>  		mutex_unlock(&nbd_index_mutex);
> +		mutex_unlock(&nbd->config_lock);

Can an other function call order become relevant for the unlocking of these mutexes?


>  		printk(KERN_ERR "nbd: device at index %d is going down\n",
>  		       index);

May such an error message be moved into the lock scope?


>  		return -EINVAL;
>  	}
> +	if (!nbd->recv_workq) {
> +		mutex_unlock(&nbd->config_lock);
> +		mutex_unlock(&nbd_index_mutex);
> +		return -EINVAL;
> +	}

How do you think about to connect the code from this if branch
with a jump target like “unlock” so that such statements would be shareable
for the desired exception handling?


> +	mutex_unlock(&nbd->config_lock);
>  	mutex_unlock(&nbd_index_mutex);
>  	if (!refcount_inc_not_zero(&nbd->config_refs)) {
>  		nbd_put(nbd);


Regards,
Markus

Reply to:

References:
- [PATCH] nbd: Fix NULL pointer in flush_workqueue
  - From: Sun Ke <sunke32@huawei.com>

Prev by Date: [PATCH] nbd: Fix NULL pointer in flush_workqueue
Previous by thread: [PATCH] nbd: Fix NULL pointer in flush_workqueue
Index(es):
- Date
- Thread