
Commit 0beef634 authored by Jan Beulich, committed by David Vrabel

xenbus: don't BUG() on user mode induced condition



Inability to locate a user mode specified transaction ID should not
lead to a kernel crash. For other than XS_TRANSACTION_START also
don't issue anything to xenbus if the specified ID doesn't match that
of any active transaction.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
parent d2bd05d8
+8 −6
@@ -316,10 +316,17 @@ static int xenbus_write_transaction(unsigned msg_type,
			rc = -ENOMEM;
			goto out;
		}
	} else {
		list_for_each_entry(trans, &u->transactions, list)
			if (trans->handle.id == u->u.msg.tx_id)
				break;
		if (&trans->list == &u->transactions)
			return -ESRCH;
	}

	reply = xenbus_dev_request_and_reply(&u->u.msg);
	if (IS_ERR(reply)) {
		if (msg_type == XS_TRANSACTION_START)
			kfree(trans);
		rc = PTR_ERR(reply);
		goto out;
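Review bot: In the new else branch the lookup runs for every msg_type other than XS_TRANSACTION_START, so any request whose tx_id is not in u->transactions returns -ESRCH before xenbus_dev_request_and_reply() is reached. If requests that are not part of a transaction can pass through xenbus_write_transaction(), they would now fail; please confirm the callers, or limit the lookup to XS_TRANSACTION_END. Also, `return -ESRCH;` is the only error exit in this hunk that does not go through `goto out;`. Using `rc = -ESRCH; goto out;` would keep the exits consistent, unless the out label does work that must be skipped here.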
@@ -333,12 +340,7 @@ static int xenbus_write_transaction(unsigned msg_type,
			list_add(&trans->list, &u->transactions);
		}
	} else if (u->u.msg.type == XS_TRANSACTION_END) {
		list_for_each_entry(trans, &u->transactions, list)
			if (trans->handle.id == u->u.msg.tx_id)
				break;
		BUG_ON(&trans->list == &u->transactions);
		list_del(&trans->list);

		kfree(trans);
	}
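Review bot: In the XS_TRANSACTION_END branch, `list_del(&trans->list);` and `kfree(trans);` now depend on the trans located before xenbus_dev_request_and_reply() was called, and the visible lines show no lock held on u->transactions across that call. Please confirm the list cannot change in between, and add a one-line comment stating that trans was validated by the earlier lookup. This branch tests `u->u.msg.type` while the error path above tests `msg_type`; a short comment on why the two differ would help readers.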