WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] x86, hvm: Fix double-free of vpmu->contex

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] x86, hvm: Fix double-free of vpmu->context
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Mar 2009 10:10:12 -0700
Delivery-date: Thu, 19 Mar 2009 10:11:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1237457101 0
# Node ID 4b2d8b1c395ad64377f9fc124d806ffa786d280d
# Parent  f0d033f0a319d4ce0b20244cee68998a7afd3317
x86, hvm: Fix double-free of vpmu->context

When `opcontrol --shutdown' is called after xenoprof is used on Dom0,
the vpmu owner becomes PMU_OWNER_NONE. So it is possible to acquire
the owner as PMU_OWNER_HVM and to allocate vpmu->context twice. As a
result, the hypervisor panics because of double-alloc/free of
vpmu->context.

Signed-off-by: Kazuhiro Suzuki <kaz@xxxxxxxxxxxxxx>
---
 xen/arch/x86/hvm/vmx/vpmu_core2.c     |    4 +++-
 xen/arch/x86/oprofile/op_model_ppro.c |    2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff -r f0d033f0a319 -r 4b2d8b1c395a xen/arch/x86/hvm/vmx/vpmu_core2.c
--- a/xen/arch/x86/hvm/vmx/vpmu_core2.c Thu Mar 19 10:04:15 2009 +0000
+++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c Thu Mar 19 10:05:01 2009 +0000
@@ -296,7 +296,8 @@ static int core2_vpmu_msr_common_check(u
         return 0;
 
     if ( unlikely(!(vpmu->flags & VPMU_CONTEXT_ALLOCATED)) &&
-         !core2_vpmu_alloc_resource(current) )
+        (vpmu->context != NULL ||
+         !core2_vpmu_alloc_resource(current)) )
         return 0;
     vpmu->flags |= VPMU_CONTEXT_ALLOCATED;
 
@@ -488,6 +489,7 @@ static void core2_vpmu_destroy(struct vc
     if ( cpu_has_vmx_msr_bitmap )
         core2_vpmu_unset_msr_bitmap(v->arch.hvm_vmx.msr_bitmap);
     release_pmu_ownship(PMU_OWNER_HVM);
+    vpmu->flags &= ~VPMU_CONTEXT_ALLOCATED;
 }
 
 struct arch_vpmu_ops core2_vpmu_ops = {
diff -r f0d033f0a319 -r 4b2d8b1c395a xen/arch/x86/oprofile/op_model_ppro.c
--- a/xen/arch/x86/oprofile/op_model_ppro.c     Thu Mar 19 10:04:15 2009 +0000
+++ b/xen/arch/x86/oprofile/op_model_ppro.c     Thu Mar 19 10:05:01 2009 +0000
@@ -219,6 +219,8 @@ static void ppro_free_msr(struct vcpu *v
 {
        struct vpmu_struct *vpmu = vcpu_vpmu(v);
 
+       if ( !(vpmu->flags & PASSIVE_DOMAIN_ALLOCATED) )
+               return;
        xfree(vpmu->context);
        vpmu->flags &= ~PASSIVE_DOMAIN_ALLOCATED;
 }

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] x86, hvm: Fix double-free of vpmu->context, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] build system cleanup - get rid of some hardcoded paths, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-unstable] x86: Ensure we execute LTR when running on non-compat GDT which has, Xen patchbot-unstable
Previous by Thread:  [Xen-changelog] [xen-unstable] build system cleanup - get rid of some hardcoded paths, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-unstable] x86: Ensure we execute LTR when running on non-compat GDT which has, Xen patchbot-unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy