| centosplus patch [bug#15742] |
| |
| commit 0beef634b86a1350c31da5fcc2992f0d7c8a622b |
| Author: Jan Beulich <JBeulich@suse.com> |
| Date: Thu Jul 7 01:23:57 2016 -0600 |
| |
| xenbus: don't BUG() on user mode induced condition |
| |
| Inability to locate a user mode specified transaction ID should not |
| lead to a kernel crash. For other than XS_TRANSACTION_START also |
| don't issue anything to xenbus if the specified ID doesn't match that |
| of any active transaction. |
| |
| Signed-off-by: Jan Beulich <jbeulich@suse.com> |
| Cc: <stable@vger.kernel.org> |
| Signed-off-by: David Vrabel <david.vrabel@citrix.com> |
| |
| Applied-by: Akemi Yagi <toracat@centos.org> |
| |
| |
| |
| @@ -316,11 +316,18 @@ static int xenbus_write_transaction(unsi |
| rc = -ENOMEM; |
| goto out; |
| } |
| + } else { |
| + list_for_each_entry(trans, &u->transactions, list) |
| + if (trans->handle.id == u->u.msg.tx_id) |
| + break; |
| + if (&trans->list == &u->transactions) |
| + return -ESRCH; |
| } |
| |
| reply = xenbus_dev_request_and_reply(&u->u.msg); |
| if (IS_ERR(reply)) { |
| - kfree(trans); |
| + if (msg_type == XS_TRANSACTION_START) |
| + kfree(trans); |
| rc = PTR_ERR(reply); |
| goto out; |
| } |
| @@ -330,12 +337,7 @@ static int xenbus_write_transaction(unsi |
| |
| list_add(&trans->list, &u->transactions); |
| } else if (msg_type == XS_TRANSACTION_END) { |
| - list_for_each_entry(trans, &u->transactions, list) |
| - if (trans->handle.id == u->u.msg.tx_id) |
| - break; |
| - BUG_ON(&trans->list == &u->transactions); |
| list_del(&trans->list); |
| - |
| kfree(trans); |
| } |
| |