[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xenbus: fix possible crash in xenbus_uevent_backend

>>> On 18.07.11 at 14:40, Olaf Hering <olaf@xxxxxxxxx> wrote:
> Fix possible NULL pointer crash in xenbus_uevent_backend().
> The variable to check for should probably be bus.
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
> Index: linux-3.0-rc7-xen-kexec/drivers/xen/xenbus/xenbus_probe_backend.c
> ===================================================================
> --- linux-3.0-rc7-xen-kexec.orig/drivers/xen/xenbus/xenbus_probe_backend.c
> +++ linux-3.0-rc7-xen-kexec/drivers/xen/xenbus/xenbus_probe_backend.c
> @@ -104,7 +104,7 @@ static int xenbus_uevent_backend(struct
>       xdev = to_xenbus_device(dev);
>       bus = container_of(xdev->dev.bus, struct xen_bus_type, bus);
> -     if (xdev == NULL)
> +     if (bus == NULL)

How can the result of a container_of() be NULL if the passed in
value is in any way meaningful (i.e. valid or NULL)? If any such
check is really necessary, wouldn't you rather want to check
xdev->dev.bus here?

Looking at the code (and its 2.6.18 tree's counterpart
xenbus_uevent_frontend()), I would rather suspect that this
wasn't meant to check bus in the first place, but instead needlessly
tries to check the to_xenbus_device() result, which likewise can't
reasonably be NULL (as that's again the result of a container_of()).


>               return -ENODEV;
>       /* stuff we want to pass to /sbin/hotplug */

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.