[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] tools/xenstored: Don't crash xenstored when Live-Update is cancelled

commit 90bafdba8ebf41c9af31b5c725a938da2a75d292
Author:     Julien GralL <jgrall@xxxxxxxxxx>
AuthorDate: Thu Jun 24 12:15:49 2021 +0100
Commit:     Julien Grall <jgrall@xxxxxxxxxx>
CommitDate: Thu Jun 24 12:15:49 2021 +0100

    tools/xenstored: Don't crash xenstored when Live-Update is cancelled
    
    As Live-Update is asynchronous, it is possible to receive a request to
    cancel it (either on the same connection or from a different one).
    
    Currently, this will crash xenstored because do_lu_start() assumes
    lu_status will be valid. This is not the case when Live-Update has been
    cancelled. This will result to dereference a NULL pointer and
    crash Xenstored.
    
    Rework do_lu_start() to check if lu_status is NULL and return an
    error in this case.
    
    Fixes: af216a99fb ("tools/xenstore: add the basic framework for doing the 
live update")
    Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
---
 tools/xenstore/xenstored_control.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/tools/xenstore/xenstored_control.c 
b/tools/xenstore/xenstored_control.c
index a045f102a4..a1b1bd5a71 100644
--- a/tools/xenstore/xenstored_control.c
+++ b/tools/xenstore/xenstored_control.c
@@ -696,7 +696,18 @@ static bool do_lu_start(struct delayed_request *req)
        time_t now = time(NULL);
        const char *ret;
        struct buffered_data *saved_in;
-       struct connection *conn = lu_status->conn;
+       struct connection *conn = req->data;
+
+       /*
+        * Cancellation may have been requested asynchronously. In this
+        * case, lu_status will be NULL.
+        */
+       if (!lu_status) {
+               ret = "Cancellation was requested";
+               goto out;
+       }
+
+       assert(lu_status->conn == conn);
 
        if (!lu_check_lu_allowed()) {
                if (now < lu_status->started_at + lu_status->timeout)
@@ -747,7 +758,7 @@ static const char *lu_start(const void *ctx, struct 
connection *conn,
        lu_status->timeout = to;
        lu_status->started_at = time(NULL);
 
-       errno = delay_request(conn, conn->in, do_lu_start, NULL, false);
+       errno = delay_request(conn, conn->in, do_lu_start, conn, false);
 
        return NULL;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.