From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marek Marczykowski <marmarek@invisiblethingslab.com>
Subject: xl network-attach SEGV in 4.2 and 4.1
Date: Wed, 17 Apr 2013 04:49:51 +0200
Message-ID: <516E0DCF.9090001@invisiblethingslab.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

4.2 and 4.1 suffers from SEGV during xl network-attach in
libxl__device_nic_add. In 4.3-unstable it is fixed by:
5420f2650 libxl: Set vfb and vkb devid if not done so by the caller

So either the patch need to be backported to 4.1 and 4.2, or fixed by this one:
- ------
libxl: Fix SEGV in network-attach

When "device/vif" directory exists but is empty l!=NULL, but nb==0, so
l[nb-1] is invalid. Add missing check.

Signed-Off-by: Marek Marczykowski <marmarek@invisiblethingslab.com>

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 5783cd2..9e06a7d 100644
- --- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -2569,7 +2569,8 @@ void libxl__device_nic_add(libxl__egc *egc, uint32_t
domid,
             goto out_free;
         }
         if (!(l = libxl__xs_directory(gc, XBT_NULL,
- -                                     libxl__sprintf(gc, "%s/device/vif",
dompath), &nb))) {
+                                     libxl__sprintf(gc, "%s/device/vif",
dompath), &nb)) ||
+                nb == 0) {
             nic->devid = 0;
         } else {
             nic->devid = strtoul(l[nb - 1], NULL, 10) + 1;

- -- 
Best Regards / Pozdrawiam,
Marek Marczykowski
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRbg3PAAoJENuP0xzK19cs0qQH/2mR6lUwj75tKCckFJfM7HPJ
6YEqDvdunmCXr7Wcf9p+Z6RRsnjie9ihDwxbaP4b5XYMLW59YbvZEb3tyrIADYJy
gGwE+8xn3Jx0NjiRCJF5O2nF3w9I5W9o5sUMbXporo/Tu4X0e3PJ6wb1JseZWsLL
mVl3bjwIChos6eKsAKOuHIPqFCASsKIGJibrkWva9LqQ4k/xgjTshCgmbAgEITEo
8fAZbTRL/SM91qX5a+2ynUf/0h5Sb/IvLyLwm86n1wsqLoJ261VMgAOsXxYGUTBM
Pr5Gvc+s5VdhA0iY4IYE8GuQ99MnaXO6T+JSenpfJ3L26LSMvHkImFLqI3ljhzE=
=FWNX
-----END PGP SIGNATURE-----