From: Owen Smith <owen.smith@citrix.com>
Date: Wed, 26 Sep 2018 09:47:36 +0000 (+0100)
Subject: Fix BSOD on RingDestroy
X-Git-Tag: 9.0.0-rc1~31
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=9f7f8b221516c51e23beeda516fe5d37dfb12a6b;p=pvdrivers%2Fwin%2Fxenvbd.git

Fix BSOD on RingDestroy

Zero Frontend->MaxQueues after calling RingDestroy, as RingDestroy will
query this value to free each BlkifRing, which will decrement an
unsigned value below 0.
Also adds an ASSERT to detect if FrontendGetMaxQueues returns 0.

Signed-off-by: Owen Smith <owen.smith@citrix.com>

Test that Index != 0 rather than > 0, since it is an unsigned quantity.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
---

diff --git a/src/xenvbd/frontend.c b/src/xenvbd/frontend.c
index 987d237..b12e122 100644
--- a/src/xenvbd/frontend.c
+++ b/src/xenvbd/frontend.c
@@ -1976,8 +1976,6 @@ FrontendDestroy(
     Frontend->Page83.Data = NULL;
     Frontend->Page83.Size = 0;
 
-    Frontend->MaxQueues = 0;
-
     ThreadAlert(Frontend->BackendThread);
     ThreadJoin(Frontend->BackendThread);
     Frontend->BackendThread = NULL;
@@ -1988,6 +1986,8 @@ FrontendDestroy(
     RingDestroy(Frontend->Ring);
     Frontend->Ring = NULL;
 
+    Frontend->MaxQueues = 0;
+
     ASSERT3P(Frontend->BackendPath, ==, NULL);
     ASSERT3P(Frontend->BackendWatch, ==, NULL);
 
diff --git a/src/xenvbd/ring.c b/src/xenvbd/ring.c
index d595226..cd5b570 100644
--- a/src/xenvbd/ring.c
+++ b/src/xenvbd/ring.c
@@ -2338,8 +2338,9 @@ RingDestroy(
     ULONG               Index;
 
     Index = FrontendGetMaxQueues(Ring->Frontend);
+    ASSERT3U(Index, !=, 0);
 
-    while (--Index > 0) {
+    while (--Index != 0) {
         PXENVBD_BLKIF_RING  BlkifRing = Ring->Ring[Index];
 
         Ring->Ring[Index] = NULL;