xen-changelog

[Top] [All Lists]

[Xen-changelog] [xen-unstable] xen: Fix domain teardown to avoid use-aft

from [Xen patchbot-unstable]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] [xen-unstable] xen: Fix domain teardown to avoid use-after-free of vcpu structs.
From:	Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date:	Mon, 11 Jun 2007 02:22:05 -0700
Delivery-date:	Mon, 11 Jun 2007 02:24:17 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1180962310 -3600
# Node ID c388a2ff1b8e1fba4fe88cd9365e493b715abf25
# Parent  267ccb919967944c1d443af13376b0d3cd3e774c
xen: Fix domain teardown to avoid use-after-free of vcpu structs.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 xen/common/domain.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletion(-)

diff -r 267ccb919967 -r c388a2ff1b8e xen/common/domain.c
--- a/xen/common/domain.c       Mon Jun 04 12:47:53 2007 +0100
+++ b/xen/common/domain.c       Mon Jun 04 14:05:10 2007 +0100
@@ -467,7 +467,6 @@ static void complete_domain_destroy(stru
             continue;
         vcpu_destroy(v);
         sched_destroy_vcpu(v);
-        free_vcpu_struct(v);
     }
 
     acm_domain_destroy(d);
@@ -480,6 +479,10 @@ static void complete_domain_destroy(stru
     arch_domain_destroy(d);
 
     sched_destroy_domain(d);
+
+    for ( i = MAX_VIRT_CPUS-1; i >= 0; i-- )
+        if ( (v = d->vcpu[i]) != NULL )
+            free_vcpu_struct(v);
 
     free_domain(d);
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] [xen-unstable] xen: Fix domain teardown to avoid use-after-free of vcpu structs., Xen patchbot-unstable <=

Previous by Date:	[Xen-changelog] [xen-unstable] If we find a Linux repository in $(LINUX_SRC_PATH) then symlink it, Xen patchbot-unstable
Next by Date:	[Xen-changelog] [xen-unstable] [HVM] Save/restore: trigger FPU state save based on v->fpu_initialised, Xen patchbot-unstable
Previous by Thread:	[Xen-changelog] [xen-unstable] If we find a Linux repository in $(LINUX_SRC_PATH) then symlink it, Xen patchbot-unstable
Next by Thread:	[Xen-changelog] [xen-unstable] [HVM] Save/restore: trigger FPU state save based on v->fpu_initialised, Xen patchbot-unstable
Indexes:	[Date] [Thread] [Top] [All Lists]