WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

[Xen-devel] bug in xenbus_dev.c?

from [James Harper]

[Permanent Link][Original]

To:	"List: Xen Developers" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	[Xen-devel] bug in xenbus_dev.c?
From:	"James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date:	Sun, 21 Dec 2008 14:32:51 +1100
Delivery-date:	Sat, 20 Dec 2008 19:33:23 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcljHM1SD22YfGTjR/C/pV37F8pIdw==
Thread-topic:	bug in xenbus_dev.c?

I'm implementing a userspace channel in the GPLPV drivers so that the
xenstore tools (once ported) can work, and I noticed this code in the
xenbus_dev_write() function in xenbus_dev.c:

"
        case XS_SET_PERMS:
                if (msg_type == XS_TRANSACTION_START) {
-->A                    trans = kmalloc(sizeof(*trans), GFP_KERNEL);
                        if (!trans) {
                                rc = -ENOMEM;
                                goto out;
                        }
                }

                reply = xenbus_dev_request_and_reply(&u->u.msg);
                if (IS_ERR(reply)) {
-->B                    kfree(trans);
                        rc = PTR_ERR(reply);
                        goto out;
                }
"

The code at A is only executed if 'msg_type == XS_TRANSACTION_START',
but isn't it possible for B to be executed in the
non-XS_TRANSACTION_START code path, resulting in kfree(NULL)?

James


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] bug in xenbus_dev.c?, James Harper <= Re: [Xen-devel] bug in xenbus_dev.c?, Keir Fraser

Previous by Date:	Re: [Xen-devel] Re: 2.6.26-rc8 pv_ops causes Unhandled invalid opcode fault/trap, Jeremy Fitzhardinge
Next by Date:	[Xen-devel] xenbus message id's, James Harper
Previous by Thread:	[Xen-devel] Weekly VMX status report. Xen: #18926 & Xen0: #763, Li, Haicheng
Next by Thread:	Re: [Xen-devel] bug in xenbus_dev.c?, Keir Fraser
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix