Commit d1e6344e authored by Jan Beulich's avatar Jan Beulich Committed by Greg Kroah-Hartman

xenbus: don't BUG() on user mode induced condition

commit 0beef634 upstream.

Inability to locate a user mode specified transaction ID should not
lead to a kernel crash. For other than XS_TRANSACTION_START also
don't issue anything to xenbus if the specified ID doesn't match that
of any active transaction.
Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 66af4230
...@@ -316,11 +316,18 @@ static int xenbus_write_transaction(unsigned msg_type, ...@@ -316,11 +316,18 @@ static int xenbus_write_transaction(unsigned msg_type,
rc = -ENOMEM; rc = -ENOMEM;
goto out; goto out;
} }
} else {
list_for_each_entry(trans, &u->transactions, list)
if (trans->handle.id == u->u.msg.tx_id)
break;
if (&trans->list == &u->transactions)
return -ESRCH;
} }
reply = xenbus_dev_request_and_reply(&u->u.msg); reply = xenbus_dev_request_and_reply(&u->u.msg);
if (IS_ERR(reply)) { if (IS_ERR(reply)) {
kfree(trans); if (msg_type == XS_TRANSACTION_START)
kfree(trans);
rc = PTR_ERR(reply); rc = PTR_ERR(reply);
goto out; goto out;
} }
...@@ -333,12 +340,7 @@ static int xenbus_write_transaction(unsigned msg_type, ...@@ -333,12 +340,7 @@ static int xenbus_write_transaction(unsigned msg_type,
list_add(&trans->list, &u->transactions); list_add(&trans->list, &u->transactions);
} }
} else if (u->u.msg.type == XS_TRANSACTION_END) { } else if (u->u.msg.type == XS_TRANSACTION_END) {
list_for_each_entry(trans, &u->transactions, list)
if (trans->handle.id == u->u.msg.tx_id)
break;
BUG_ON(&trans->list == &u->transactions);
list_del(&trans->list); list_del(&trans->list);
kfree(trans); kfree(trans);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment