|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] tmem: Prevent NULL dereference on error case
> From: Matthew Daley [mailto:mattjd@xxxxxxxxx] > Subject: [PATCH] tmem: Prevent NULL dereference on error case > > If the client / pool IDs given to tmemc_save_get_next_page are invalid, > the calculation of pagesize will dereference NULL. > > Fix this by moving the calculation below the appropriate NULL check. > > Signed-off-by: Matthew Daley <mattjd@xxxxxxxxx> Good catch! Did you see this on an actual save/restore or just by inspection? This should only happen as a result of a buggy toolstack so I'm wondering if fixing this hides a toolstack bug. In either case, this should be fixed in the hypervisor. Acked-by: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx> > diff --git a/xen/common/tmem.c b/xen/common/tmem.c > index 1280537..ec59009 100644 > --- a/xen/common/tmem.c > +++ b/xen/common/tmem.c > @@ -2436,10 +2436,13 @@ static NOINLINE int tmemc_save_get_next_page(int > cli_id, uint32_t pool_id, > OID oid; > int ret = 0; > struct tmem_handle h; > - unsigned int pagesize = 1 << (pool->pageshift+12); > + unsigned int pagesize; > > if ( pool == NULL || is_ephemeral(pool) ) > return -1; > + > + pagesize = 1 << (pool->pageshift + 12); > + > if ( bufsize < pagesize + sizeof(struct tmem_handle) ) > return -ENOMEM; > > -- > 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |