xen-gnt: prevent adding duplicate gnt callbacks
author Roger Pau Monne <roger.pau@citrix.com>
Wed, 31 Jul 2013 15:00:42 +0000 (17:00 +0200)
committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Fri, 9 Aug 2013 14:58:11 +0000 (10:58 -0400)
With the current implementation, the callback in the tail of the list
can be added twice, because the check done in
gnttab_request_free_callback is bogus: callback->next can be NULL if
it is the last callback in the list. If we add the same callback twice
we end up with an infinite loop, where callback == callback->next.

Replace this check with a proper one that iterates over the list to
see if the callback has already been added.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Matt Wilson <msw@amazon.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
CC: stable@vger.kernel.org
drivers/xen/grant-table.c

index 04cdeb8e371944a12237da0191648e31f5a44c2f..c4d2298893b189f61b75da4ed9aa555a90d8878a 100644 (file)
@@ -730,9 +730,18 @@ void gnttab_request_free_callback(struct gnttab_free_callback *callback,
                                  void (*fn)(void *), void *arg, u16 count)
 {
        unsigned long flags;
+       struct gnttab_free_callback *cb;
+
        spin_lock_irqsave(&gnttab_list_lock, flags);
-       if (callback->next)
-               goto out;
+
+       /* Check if the callback is already on the list */
+       cb = gnttab_free_callback_list;
+       while (cb) {
+               if (cb == callback)
+                       goto out;
+               cb = cb->next;
+       }
+
        callback->fn = fn;
        callback->arg = arg;
        callback->count = count;
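Review bot: in the new while loop, the duplicate case takes goto out before callback->fn, callback->arg and callback->count are assigned, so a repeat request for an already-queued callback with a different fn, arg or count is silently discarded, and the void return gives the caller no indication of that. The comment above the loop should say so explicitly (for example "already queued: the original fn/arg/count are kept"). The walk also runs under spin_lock_irqsave with interrupts disabled and is linear in the list length, which deserves a line in the comment if the list is expected to stay short. As a style point, the loop reads more compactly as for (cb = gnttab_free_callback_list; cb; cb = cb->next).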