From 8666439e6acd5a9cbc96a3ecedcf850bfd4190c0 Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Fri, 2 Mar 2007 16:26:56 +0000
Subject: [PATCH] linux: Fix xenbus device write function. Signed-off-by: Keir
 Fraser <keir@xensource.com>

---
 .../drivers/xen/xenbus/xenbus_dev.c           | 32 ++++++++++++-------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c
index 6a9eee285f..f9c1801e1a 100644
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c
@@ -173,7 +173,7 @@ static ssize_t xenbus_dev_write(struct file *filp,
 	void *reply;
 	char *path, *token;
 	struct watch_adapter *watch, *tmp_watch;
-	int err;
+	int err, rc = len;
 
 	if ((len + u->len) > sizeof(u->u.buffer))
 		return -EINVAL;
@@ -182,8 +182,9 @@ static ssize_t xenbus_dev_write(struct file *filp,
 		return -EFAULT;
 
 	u->len += len;
-	if (u->len < (sizeof(u->u.msg) + u->u.msg.len))
-		return len;
+	if ((u->len < sizeof(u->u.msg)) ||
+	    (u->len < (sizeof(u->u.msg) + u->u.msg.len)))
+		return rc;
 
 	msg_type = u->u.msg.type;
 
@@ -201,14 +202,17 @@ static ssize_t xenbus_dev_write(struct file *filp,
 	case XS_SET_PERMS:
 		if (msg_type == XS_TRANSACTION_START) {
 			trans = kmalloc(sizeof(*trans), GFP_KERNEL);
-			if (!trans)
-				return -ENOMEM;
+			if (!trans) {
+				rc = -ENOMEM;
+				goto out;
+			}
 		}
 
 		reply = xenbus_dev_request_and_reply(&u->u.msg);
 		if (IS_ERR(reply)) {
 			kfree(trans);
-			return PTR_ERR(reply);
+			rc = PTR_ERR(reply);
+			goto out;
 		}
 
 		if (msg_type == XS_TRANSACTION_START) {
@@ -231,8 +235,10 @@ static ssize_t xenbus_dev_write(struct file *filp,
 	case XS_UNWATCH:
 		path = u->u.buffer + sizeof(u->u.msg);
 		token = memchr(path, 0, u->u.msg.len);
-		if (token == NULL)
-			return -EILSEQ;
+		if (token == NULL) {
+			rc = -EILSEQ;
+			goto out;
+		}
 		token++;
 
 		if (msg_type == XS_WATCH) {
@@ -251,7 +257,8 @@ static ssize_t xenbus_dev_write(struct file *filp,
 			err = register_xenbus_watch(&watch->watch);
 			if (err) {
 				free_watch_adapter(watch);
-				return err;
+				rc = err;
+				goto out;
 			}
 			
 			list_add(&watch->list, &u->watches);
@@ -265,7 +272,6 @@ static ssize_t xenbus_dev_write(struct file *filp,
                                                  &u->watches, list) {
 				if (!strcmp(watch->token, token) &&
 				    !strcmp(watch->watch.node, path))
-					break;
 				{
 					unregister_xenbus_watch(&watch->watch);
 					list_del(&watch->list);
@@ -278,11 +284,13 @@ static ssize_t xenbus_dev_write(struct file *filp,
 		break;
 
 	default:
-		return -EINVAL;
+		rc = -EINVAL;
+		break;
 	}
 
+ out:
 	u->len = 0;
-	return len;
+	return rc;
 }
 
 static int xenbus_dev_open(struct inode *inode, struct file *filp)
-- 
2.30.2