thr3ads.net - Xen devel - [PATCH 08/11] tmem: properly drop lock on error path in do_tmem

If this information is useful, please help other people find it:
Share via:

Jan Beulich

2012-Sep-05 12:39 UTC

[PATCH 08/11] tmem: properly drop lock on error path in do_tmem_op()

This is part of XSA-15 / CVE-2012-3497.

Reported-by: Tim Deegan <tim@xen.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com>

--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2659,13 +2659,19 @@ EXPORT long do_tmem_op(tmem_cli_op_t uop
     if ( client != NULL && tmh_client_is_dying(client) )
     {
         rc = -ENODEV;
-        goto out;
+        if ( tmh_lock_all )
+            goto out;
+ simple_error:
+        errored_tmem_ops++;
+        return rc;
     }
 
     if ( unlikely(tmh_get_tmemop_from_client(&op, uops) != 0) )
     {
         printk("tmem: can''t get tmem struct from
%s\n",client_str);
         rc = -EFAULT;
+        if ( !tmh_lock_all )
+            goto simple_error;
         goto out;
     }
 





_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Xen devel - Sep 2012 - [PATCH 08/11] tmem: properly drop lock on error path in do_tmem_op()

[PATCH 08/11] tmem: properly drop lock on error path in do_tmem_op()