Commit ff3080ba authored by Simon Gaiser's avatar Simon Gaiser Committed by Greg Kroah-Hartman

xen: xenbus_dev_frontend: Really return response string

[ Upstream commit ebf04f33 ]

xenbus_command_reply() did not actually copy the response string and
leaked stack content instead.

Fixes: 9a6161fe ("xen: return xenstore command failures via response instead of rc")
Signed-off-by: default avatarSimon Gaiser <>
Reviewed-by: default avatarJuergen Gross <>
Signed-off-by: default avatarBoris Ostrovsky <>
Signed-off-by: default avatarSasha Levin <>
Signed-off-by: default avatarGreg Kroah-Hartman <>
parent d5cf1ed8
......@@ -403,7 +403,7 @@ static int xenbus_command_reply(struct xenbus_file_priv *u,
struct {
struct xsd_sockmsg hdr;
const char body[16];
char body[16];
} msg;
int rc;
......@@ -412,6 +412,7 @@ static int xenbus_command_reply(struct xenbus_file_priv *u,
msg.hdr.len = strlen(reply) + 1;
if (msg.hdr.len > sizeof(msg.body))
return -E2BIG;
memcpy(&msg.body, reply, msg.hdr.len);
rc = queue_reply(&u->read_buffers, &msg, sizeof(msg.hdr) + msg.hdr.len);
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment