Fix kernel NULL pointer dereference in xen-blkfront
authorKris Shannon <kris@shannon.id.au>
Mon, 2 Mar 2009 08:47:37 +0000 (19:47 +1100)
committerJens Axboe <jens.axboe@oracle.com>
Thu, 5 Mar 2009 11:04:57 +0000 (12:04 +0100)
When booting Xen Dom0 on a pre-release 3.2.1 hypervisor the system Oopses on a
"Unable to handle kernel NULL pointer dereference" in xenwatch.

From the backtrace it looks like backend_changed is calling bdget_disk
with a NULL pointer.  Checking for NULL and returning ENODEV instead
allows the kernel to boot.

drivers/block/xen-blkfront.c

index b6c8ce25435994558885e9e4b9c4ac6aafaa9357..8f905089b72b7e49c2434d1b6abba9fa76321051 100644 (file)
@@ -977,6 +977,8 @@ static void backend_changed(struct xenbus_device *dev,
                break;
 
        case XenbusStateClosing:
+               if (info->gd == NULL)
+                       xenbus_dev_fatal(dev, -ENODEV, "gd is NULL");
                bd = bdget_disk(info->gd, 0);
                if (bd == NULL)
                        xenbus_dev_fatal(dev, -ENODEV, "bdget failed");