nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

xenbus: don't BUG() on user mode induced condition

Browse source 
Inability to locate a user mode specified transaction ID should not
lead to a kernel crash. For other than XS_TRANSACTION_START also
don't issue anything to xenbus if the specified ID doesn't match that
of any active transaction.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
This commit is contained in:
Jan Beulich 2016-07-07 01:23:57 -06:00 committed by David Vrabel
parent d2bd05d88d
commit 0beef634b8
1 changed files with 8 additions and 6 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

12
drivers/xen/xenbus/xenbus_dev_frontend.c
View file

@ -316,10 +316,17 @@ static int xenbus_write_transaction(unsigned msg_type,
rc = -ENOMEM; rc = -ENOMEM;
goto out; goto out;
} }
} else {
list_for_each_entry(trans, &u->transactions, list)
if (trans->handle.id == u->u.msg.tx_id)
break;
if (&trans->list == &u->transactions)
return -ESRCH;
} }
reply = xenbus_dev_request_and_reply(&u->u.msg); reply = xenbus_dev_request_and_reply(&u->u.msg);
if (IS_ERR(reply)) { if (IS_ERR(reply)) {
if (msg_type == XS_TRANSACTION_START)
kfree(trans); kfree(trans);
rc = PTR_ERR(reply); rc = PTR_ERR(reply);
goto out; goto out;
@ -333,12 +340,7 @@ static int xenbus_write_transaction(unsigned msg_type,
list_add(&trans->list, &u->transactions); list_add(&trans->list, &u->transactions);
} }
} else if (u->u.msg.type == XS_TRANSACTION_END) { } else if (u->u.msg.type == XS_TRANSACTION_END) {
list_for_each_entry(trans, &u->transactions, list)
if (trans->handle.id == u->u.msg.tx_id)
break;
BUG_ON(&trans->list == &u->transactions);
list_del(&trans->list); list_del(&trans->list);
kfree(trans); kfree(trans);
} }