centosplus patch [bug#15742]

commit 0beef634b86a1350c31da5fcc2992f0d7c8a622b                                                             
Author: Jan Beulich <JBeulich@suse.com>                                                           
Date:   Thu Jul 7 01:23:57 2016 -0600                                                             
                                                                                                  
    xenbus: don't BUG() on user mode induced condition                                            
                                                                                                  
    Inability to locate a user mode specified transaction ID should not                           
    lead to a kernel crash. For other than XS_TRANSACTION_START also                              
    don't issue anything to xenbus if the specified ID doesn't match that                         
    of any active transaction.                                                                    
                                                                                                  
    Signed-off-by: Jan Beulich <jbeulich@suse.com>                                                
    Cc: <stable@vger.kernel.org>                                                                  
    Signed-off-by: David Vrabel <david.vrabel@citrix.com>

    Applied-by: Akemi Yagi <toracat@centos.org>

--- a/drivers/xen/xenbus/xenbus_dev_frontend.c	2018-11-15 09:07:13.000000000 -0800
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c	2019-01-25 09:28:08.685086392 -0800
@@ -316,11 +316,18 @@ static int xenbus_write_transaction(unsi
 			rc = -ENOMEM;
 			goto out;
 		}
+	} else {
+		list_for_each_entry(trans, &u->transactions, list)
+			if (trans->handle.id == u->u.msg.tx_id)
+				break;
+		if (&trans->list == &u->transactions)
+			return -ESRCH;
 	}
 
 	reply = xenbus_dev_request_and_reply(&u->u.msg);
 	if (IS_ERR(reply)) {
-		kfree(trans);
+		if (msg_type == XS_TRANSACTION_START)
+			kfree(trans);
 		rc = PTR_ERR(reply);
 		goto out;
 	}
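Review bot: The new `else` branch runs the tx_id lookup for every msg_type other than XS_TRANSACTION_START, so any request whose tx_id is not in `u->transactions` is now rejected with -ESRCH before it reaches xenbus. If this function is also reached for requests issued outside a transaction (tx_id 0), those would start failing; this cannot be confirmed from the hunk, because the function starts and ends outside it, so the callers should be checked. If they do, narrowing the branch to `} else if (msg_type == XS_TRANSACTION_END) {` would still guard the `list_del(&trans->list)` in the second hunk, which now relies entirely on this lookup. The sentinel test would also read better with a comment such as `/* loop reached the list head: no transaction with this tx_id */`, and `rc = -ESRCH; goto out;` would match the other error paths shown here.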
@@ -330,12 +337,7 @@ static int xenbus_write_transaction(unsi
 
 		list_add(&trans->list, &u->transactions);
 	} else if (msg_type == XS_TRANSACTION_END) {
-		list_for_each_entry(trans, &u->transactions, list)
-			if (trans->handle.id == u->u.msg.tx_id)
-				break;
-		BUG_ON(&trans->list == &u->transactions);
 		list_del(&trans->list);
-
 		kfree(trans);
 	}