[PATCH] Fix kernel NULL pointer dereference in xen-blkfront

From: Kris Shannon
Date: Mon Mar 02 2009 - 03:47:49 EST

Next message: Ingo Molnar: "[git pull] x86 fixes"
Previous message: Christof Schmitt: "Re: Command line parameter not passed to module in linux-next"
Next in thread: Jeremy Fitzhardinge: "Re: [PATCH] Fix kernel NULL pointer dereference in xen-blkfront"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When booting Xen Dom0 on a pre-release 3.2.1 hypervisor the system Oopses on a
"Unable to handle kernel NULL pointer dereference" in xenwatch.

>From the backtrace it looks like backend_changed is calling bdget_disk
with a NULL pointer. Checking for NULL and returning ENODEV instead
allows the kernel to boot.
---
drivers/block/xen-blkfront.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
index f2fff5799ddf0fe1b41909b64d606d..3e2ab6d53adaeb70efa12f0a1f33bb 100644
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -905,6 +905,8 @@ static void backend_changed(struct xenbus_device *dev,
break;

case XenbusStateClosing:
+ if (info->gd == NULL)
+ xenbus_dev_fatal(dev, -ENODEV, "gd is NULL");
bd = bdget_disk(info->gd, 0);
if (bd == NULL)
xenbus_dev_fatal(dev, -ENODEV, "bdget failed");
--
1.6.1.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "[git pull] x86 fixes"
Previous message: Christof Schmitt: "Re: Command line parameter not passed to module in linux-next"
Next in thread: Jeremy Fitzhardinge: "Re: [PATCH] Fix kernel NULL pointer dereference in xen-blkfront"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]