|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [win-pv-devel] [PATCH] Veto zero length range pop, get and put
It clearly makes no sense to allocate a zero length range, but
both RangeSetPop() and RangeSetGet() currently allow it. RangeSetPut()
also allows such a range to be freed but trips over an assertion in
a checked build and will hopelessly confuse the code in a free build
probably leading to a subsequent crash.
Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
---
src/xenbus/range_set.c | 44 ++++++++++++++++++++++++++++++++++----------
1 file changed, 34 insertions(+), 10 deletions(-)
diff --git a/src/xenbus/range_set.c b/src/xenbus/range_set.c
index eaf3f10..f52af63 100644
--- a/src/xenbus/range_set.c
+++ b/src/xenbus/range_set.c
@@ -194,12 +194,17 @@ RangeSetPop(
UNREFERENCED_PARAMETER(Interface);
+ status = STATUS_INVALID_PARAMETER;
+
+ if (Count == 0)
+ goto fail1;
+
KeAcquireSpinLock(&RangeSet->Lock, &Irql);
status = STATUS_INSUFFICIENT_RESOURCES;
if (__RangeSetIsEmpty(RangeSet))
- goto fail1;
+ goto fail2;
Cursor = RangeSet->List.Flink;
@@ -210,7 +215,7 @@ RangeSetPop(
goto found;
}
- goto fail2;
+ goto fail3;
found:
RangeSet->Cursor = Cursor;
@@ -228,14 +233,17 @@ found:
return STATUS_SUCCESS;
+fail3:
+ Error("fail3\n");
+
fail2:
Error("fail2\n");
+ KeReleaseSpinLock(&RangeSet->Lock, Irql);
+
fail1:
Error("fail1 (%08x)\n", status);
- KeReleaseSpinLock(&RangeSet->Lock, Irql);
-
return status;
}
@@ -326,6 +334,11 @@ RangeSetGet(
UNREFERENCED_PARAMETER(Interface);
+ status = STATUS_INVALID_PARAMETER;
+
+ if (Count == 0)
+ goto fail1;
+
KeAcquireSpinLock(&RangeSet->Lock, &Irql);
Cursor = RangeSet->Cursor;
@@ -381,7 +394,7 @@ RangeSetGet(
// We need to split a range
status = RangeSetAdd(RangeSet, End + 1, Range->End, TRUE);
if (!NT_SUCCESS(status))
- goto fail1;
+ goto fail2;
Range->End = Start - 1;
@@ -393,11 +406,14 @@ done:
return STATUS_SUCCESS;
-fail1:
- Error("fail1 (%08x)\n", status);
+fail2:
+ Error("fail2\n");
KeReleaseSpinLock(&RangeSet->Lock, Irql);
+fail1:
+ Error("fail1 (%08x)\n", status);
+
return status;
}
@@ -500,6 +516,11 @@ RangeSetPut(
UNREFERENCED_PARAMETER(Interface);
+ status = STATUS_INVALID_PARAMETER;
+
+ if (Count == 0)
+ goto fail1;
+
ASSERT3S(End, >=, Start);
KeAcquireSpinLock(&RangeSet->Lock, &Irql);
@@ -522,7 +543,7 @@ RangeSetPut(
}
if (!NT_SUCCESS(status))
- goto fail1;
+ goto fail2;
RangeSet->ItemCount += Count;
@@ -530,11 +551,14 @@ RangeSetPut(
return STATUS_SUCCESS;
-fail1:
- Error("fail1 (%08x)\n", status);
+fail2:
+ Error("fail2\n");
KeReleaseSpinLock(&RangeSet->Lock, Irql);
+fail1:
+ Error("fail1 (%08x)\n", status);
+
return status;
}
--
2.5.3
_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |