|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xenbus: fix possible crash in xenbus_uevent_backend
>>> On 18.07.11 at 14:40, Olaf Hering <olaf@xxxxxxxxx> wrote: > Fix possible NULL pointer crash in xenbus_uevent_backend(). > The variable to check for should probably be bus. > > Signed-off-by: Olaf Hering <olaf@xxxxxxxxx> > > Index: linux-3.0-rc7-xen-kexec/drivers/xen/xenbus/xenbus_probe_backend.c > =================================================================== > --- linux-3.0-rc7-xen-kexec.orig/drivers/xen/xenbus/xenbus_probe_backend.c > +++ linux-3.0-rc7-xen-kexec/drivers/xen/xenbus/xenbus_probe_backend.c > @@ -104,7 +104,7 @@ static int xenbus_uevent_backend(struct > > xdev = to_xenbus_device(dev); > bus = container_of(xdev->dev.bus, struct xen_bus_type, bus); > - if (xdev == NULL) > + if (bus == NULL) How can the result of a container_of() be NULL if the passed in value is in any way meaningful (i.e. valid or NULL)? If any such check is really necessary, wouldn't you rather want to check xdev->dev.bus here? Looking at the code (and its 2.6.18 tree's counterpart xenbus_uevent_frontend()), I would rather suspect that this wasn't meant to check bus in the first place, but instead needlessly tries to check the to_xenbus_device() result, which likewise can't reasonably be NULL (as that's again the result of a container_of()). Jan > return -ENODEV; > > /* stuff we want to pass to /sbin/hotplug */ _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |