Re: [PATCH] Fix kernel NULL pointer dereference in xen-blkfront

From: Jeremy Fitzhardinge
Date: Tue Mar 03 2009 - 16:59:57 EST


Kris Shannon wrote:
> When booting Xen Dom0 on a pre-release 3.2.1 hypervisor the system Oopses on a
> "Unable to handle kernel NULL pointer dereference" in xenwatch.
>
> From the backtrace it looks like backend_changed is calling bdget_disk
> with a NULL pointer. Checking for NULL and returning ENODEV instead
> allows the kernel to boot.

Thanks, applied. (BTW, please cc: me and xen-devel for Xen-related reports.)

Jens: could you pull this; I think this is probably -rc material. This crash just started happening, so I guess it's a side-effect of some core kernel change.

The following changes since commit c7241227f61ca6606a7fa3555391360d92bd8d9b:
Jens Axboe (1):
xen/blkfront: use blk_rq_map_sg to generate ring entries

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen.git xen/frontend/blkfront

Kris Shannon (1):
Fix kernel NULL pointer dereference in xen-blkfront

drivers/block/xen-blkfront.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)


Thanks,
J

---
drivers/block/xen-blkfront.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
index f2fff5799ddf0fe1b41909b64d606d..3e2ab6d53adaeb70efa12f0a1f33bb 100644
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -905,6 +905,8 @@ static void backend_changed(struct xenbus_device *dev,
break;

case XenbusStateClosing:
+ if (info->gd == NULL)
+ xenbus_dev_fatal(dev, -ENODEV, "gd is NULL");
bd = bdget_disk(info->gd, 0);
if (bd == NULL)
xenbus_dev_fatal(dev, -ENODEV, "bdget failed");
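
Review bot: In the XenbusStateClosing case, the new `if (info->gd == NULL)` branch has no braces and no `break`, so after xenbus_dev_fatal() is called control continues straight into `bd = bdget_disk(info->gd, 0);` with info->gd still NULL. xenbus_dev_fatal() reports the error and returns to its caller, so the dereference this check is meant to prevent stays reachable on that path. Suggest bracing the branch and adding a `break;` after the xenbus_dev_fatal() call so the case is left before bdget_disk() runs. The description also says the fix returns ENODEV, but backend_changed is `static void` and the hunk only passes -ENODEV to xenbus_dev_fatal(); the commit text should say what the code does.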
