xenbus: remove transaction holder from list before freeing
authorJan Beulich <JBeulich@suse.com>
Tue, 4 Apr 2017 12:27:22 +0000 (06:27 -0600)
committerBoris Ostrovsky <boris.ostrovsky@oracle.com>
Tue, 4 Apr 2017 14:11:06 +0000 (10:11 -0400)
After allocation the item is being placed on the list right away.
Consequently it needs to be taken off the list before freeing in the
case xenbus_dev_request_and_reply() failed, as in that case the
callback (xenbus_dev_queue_reply()) is not being called (and if it
was called, it should do both).

Fixes: 5584ea250ae44f929feb4c7bd3877d1c5edbf813
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
drivers/xen/xenbus/xenbus_dev_frontend.c

index 1f4733b80c877426fa337e67eebf708b5fb9b41c..f3b089b7c0b62ab22fd2aba11111f9bcecea50cd 100644 (file)
@@ -442,8 +442,10 @@ static int xenbus_write_transaction(unsigned msg_type,
                return xenbus_command_reply(u, XS_ERROR, "ENOENT");
 
        rc = xenbus_dev_request_and_reply(&u->u.msg, u);
-       if (rc)
+       if (rc && trans) {
+               list_del(&trans->list);
                kfree(trans);
+       }
 
 out:
        return rc;