diff mbox series

9p/xen: fix check for xenbus_read error in front_probe

Message ID 1534236007-10170-1-git-send-email-asmadeus@codewreck.org
State Not Applicable, archived
Delegated to: David Miller
Headers show
Series 9p/xen: fix check for xenbus_read error in front_probe | expand

Commit Message

Dominique Martinet Aug. 14, 2018, 8:40 a.m. UTC 
From: Dominique Martinet <dominique.martinet@cea.fr>

If the xen bus exists but does not expose the proper interface, it is
possible to get a non-zero length but still some error, leading to
strcmp failing trying to load invalid memory addresses e.g.
fffffffffffffffe.

There is then no need to check length when there is no error, as the
xenbus driver guarantees that the string is nul-terminated.

Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Latchesar Ionkov <lucho@ionkov.net>
---

This is a trivial bug I stumbled on when setting up xen with p9fs and
running the VM in pvm: it had enough in the bus to trigger the probe
but then there was no version and it tried to return ENOENT but len
was set to the lower-level message size.

 net/9p/trans_xen.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Stefano Stabellini Aug. 14, 2018, 5:03 p.m. UTC | #1 
On Tue, 14 Aug 2018, Dominique Martinet wrote:
> From: Dominique Martinet <dominique.martinet@cea.fr>
> 
> If the xen bus exists but does not expose the proper interface, it is
> possible to get a non-zero length but still some error, leading to
> strcmp failing trying to load invalid memory addresses e.g.
> fffffffffffffffe.
> 
> There is then no need to check length when there is no error, as the
> xenbus driver guarantees that the string is nul-terminated.
> 
> Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> Cc: Eric Van Hensbergen <ericvh@gmail.com>
> Cc: Latchesar Ionkov <lucho@ionkov.net>

Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>


> ---
> 
> This is a trivial bug I stumbled on when setting up xen with p9fs and
> running the VM in pvm: it had enough in the bus to trigger the probe
> but then there was no version and it tried to return ENOENT but len
> was set to the lower-level message size.
> 
>  net/9p/trans_xen.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
> index 1a5b38892eb4..f76beadddfc3 100644
> --- a/net/9p/trans_xen.c
> +++ b/net/9p/trans_xen.c
> @@ -391,9 +391,9 @@ static int xen_9pfs_front_probe(struct xenbus_device *dev,
>  	unsigned int max_rings, max_ring_order, len = 0;
>  
>  	versions = xenbus_read(XBT_NIL, dev->otherend, "versions", &len);
> -	if (!len)
> -		return -EINVAL;
> +	if (IS_ERR(versions))
> +		return PTR_ERR(versions);
>  	if (strcmp(versions, "1")) {
>  		kfree(versions);
>  		return -EINVAL;
>  	}
> -- 
> 2.17.1
>
diff mbox series

Patch

diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
index 1a5b38892eb4..f76beadddfc3 100644
--- a/net/9p/trans_xen.c
+++ b/net/9p/trans_xen.c
@@ -391,9 +391,9 @@  static int xen_9pfs_front_probe(struct xenbus_device *dev,
 	unsigned int max_rings, max_ring_order, len = 0;
 
 	versions = xenbus_read(XBT_NIL, dev->otherend, "versions", &len);
-	if (!len)
-		return -EINVAL;
+	if (IS_ERR(versions))
+		return PTR_ERR(versions);
 	if (strcmp(versions, "1")) {
 		kfree(versions);
 		return -EINVAL;
 	}