Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ebf04f33 authored by Simon Gaiser's avatar Simon Gaiser Committed by Boris Ostrovsky
Browse files

xen: xenbus_dev_frontend: Really return response string 



xenbus_command_reply() did not actually copy the response string and
leaked stack content instead.

Fixes: 9a6161fe ("xen: return xenstore command failures via response instead of rc")
Signed-off-by: default avatarSimon Gaiser <simon@invisiblethingslab.com>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
parent cd6e992b

drivers/xen/xenbus/xenbus_dev_frontend.c

+2 −1
Original line number Diff line number Diff line
@@ -403,7 +403,7 @@ static int xenbus_command_reply(struct xenbus_file_priv *u, 
{

	struct {

		struct xsd_sockmsg hdr;

		const char body[16];

		char body[16];

	} msg;

	int rc;
@@ -412,6 +412,7 @@ static int xenbus_command_reply(struct xenbus_file_priv *u, 
	msg.hdr.len = strlen(reply) + 1;

	if (msg.hdr.len > sizeof(msg.body))

		return -E2BIG;

	memcpy(&msg.body, reply, msg.hdr.len);



	mutex_lock(&u->reply_mutex);

	rc = queue_reply(&u->read_buffers, &msg, sizeof(msg.hdr) + msg.hdr.len);