[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xenbus: fix possible crash in xenbus_uevent_backend

On Mon, 2011-07-18 at 13:40 +0100, Olaf Hering wrote:
> Fix possible NULL pointer crash in xenbus_uevent_backend().
> The variable to check for should probably be bus.
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
> Index: linux-3.0-rc7-xen-kexec/drivers/xen/xenbus/xenbus_probe_backend.c
> ===================================================================
> --- linux-3.0-rc7-xen-kexec.orig/drivers/xen/xenbus/xenbus_probe_backend.c
> +++ linux-3.0-rc7-xen-kexec/drivers/xen/xenbus/xenbus_probe_backend.c
> @@ -104,7 +104,7 @@ static int xenbus_uevent_backend(struct
>       xdev = to_xenbus_device(dev);
>       bus = container_of(xdev->dev.bus, struct xen_bus_type, bus);
> -     if (xdev == NULL)
> +     if (bus == NULL)
>               return -ENODEV;

Is this fixing an actual crash which you observed of just something you
noticed looking at the code?

container_of is pure pointer arithmetic without dereferencing so to get
bus == NULL you'd need xdev == offsetof(struct xen_bus_type, bus) or
some such.

I think the check of xdev is correct, although it might be clearer if it
preceded the "bus = ... " it's not actively harmful where it is since
container_of doesn't dereference the pointer.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.