[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Avoid dereferencing NULL cache objects.

  • To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Paul Durrant <xadimgnik@xxxxxxxxx>
  • Date: Tue, 12 Sep 2023 09:42:48 +0200
  • Delivery-date: Tue, 12 Sep 2023 07:42:53 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
On 22/08/2023 12:28, Owen Smith wrote:

XENBUS_CACHE(Get, ...) can fail in low memory conditions. Avoid dereferencing
NULL pointers in ASSERTs
Fix up error path to avoid returning a NULL pointer to the cache.

Signed-off-by: Owen Smith <owen.smith@xxxxxxxxx>
---
  src/xenvif/receiver.c | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)



Reviewed-by: Paul Durrant <paul@xxxxxxx>
We should probably accompany this with a warning in CacheFill() if it breaks out early due to a slab allocation failure. 


diff --git a/src/xenvif/receiver.c b/src/xenvif/receiver.c
index 4807582..0ce5b67 100644
--- a/src/xenvif/receiver.c
+++ b/src/xenvif/receiver.c
@@ -266,6 +266,8 @@ __ReceiverRingGetPacket(
                            &Receiver->CacheInterface,
                            Ring->PacketCache,
                            Locked);
+    if (Packet == NULL)
+        return NULL;
ASSERT(IsZeroMemory(&Packet->Info, sizeof (XENVIF_PACKET_INFO))); 
      ASSERT3P(Packet->Ring, ==, Ring);
@@ -1788,11 +1790,11 @@ __ReceiverRingPreparePacket(
  fail2:
      Error("fail2\n");
+ __ReceiverRingPutFragment(Ring, Fragment); 
+
  fail1:
      Error("fail1 (%08x)\n", status);
- __ReceiverRingPutFragment(Ring, Fragment); 
-
      return NULL;
  }

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.