WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] Fix double-free of vpmu->context

from [SUZUKI, Kazuhiro] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] Fix double-free of vpmu->context
From: "SUZUKI, Kazuhiro" <kaz@xxxxxxxxxxxxxx>
Date: Thu, 19 Mar 2009 13:16:51 +0900 (JST)
Delivery-date: Wed, 18 Mar 2009 21:17:21 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

When `opcontrol --shutdown' is called after xenoprof is used on Dom0,
the vpmu owner becomes PMU_OWNER_NONE. So it is possible to acquire
the owner as PMU_OWNER_HVM and to allocate vpmu->context twice. As a
result, the hypervisor panics because of double-alloc/free of
vpmu->context.

This patch fixes it.

Thanks,
KAZ

Signed-off-by: Kazuhiro Suzuki <kaz@xxxxxxxxxxxxxx>

diff -r 2039e8271051 xen/arch/x86/hvm/vmx/vpmu_core2.c
--- a/xen/arch/x86/hvm/vmx/vpmu_core2.c Wed Mar 18 17:30:13 2009 +0000
+++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c Thu Mar 19 12:40:01 2009 +0900
@@ -296,7 +296,8 @@
         return 0;
 
     if ( unlikely(!(vpmu->flags & VPMU_CONTEXT_ALLOCATED)) &&
-         !core2_vpmu_alloc_resource(current) )
+        (vpmu->context != NULL ||
+         !core2_vpmu_alloc_resource(current)) )
         return 0;
     vpmu->flags |= VPMU_CONTEXT_ALLOCATED;
 
@@ -488,6 +489,7 @@
     if ( cpu_has_vmx_msr_bitmap )
         core2_vpmu_unset_msr_bitmap(v->arch.hvm_vmx.msr_bitmap);
     release_pmu_ownship(PMU_OWNER_HVM);
+    vpmu->flags &= ~VPMU_CONTEXT_ALLOCATED;
 }
 
 struct arch_vpmu_ops core2_vpmu_ops = {
diff -r 2039e8271051 xen/arch/x86/oprofile/op_model_ppro.c
--- a/xen/arch/x86/oprofile/op_model_ppro.c     Wed Mar 18 17:30:13 2009 +0000
+++ b/xen/arch/x86/oprofile/op_model_ppro.c     Thu Mar 19 12:40:01 2009 +0900
@@ -219,6 +219,8 @@
 {
        struct vpmu_struct *vpmu = vcpu_vpmu(v);
 
+       if ( !(vpmu->flags & PASSIVE_DOMAIN_ALLOCATED) )
+               return;
        xfree(vpmu->context);
        vpmu->flags &= ~PASSIVE_DOMAIN_ALLOCATED;
 }

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] Fix double-free of vpmu->context, SUZUKI, Kazuhiro <=
Previous by Date:  Re: [Xen-devel] [RFC][PATCH 0/4] PVUSB: add paravirtualized USB support for Xen, Noboru Iwamatsu
Next by Date:  [Xen-devel] RE: [PATCH] Support swap a page from user space tools -- Was RE: [RFC][PATCH] Basic support for page offline, Jiang, Yunhong
Previous by Thread:  [Xen-devel] Using splice to carry Xen granted pages through the network stack?, Jeremy Fitzhardinge
Next by Thread:  [Xen-devel] [PATCH] dom0 linux: Fix descriptions in kernel-parameters.txt, Yuji Shimada
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy