From: George Dunlap <george.dunlap@eu.citrix.com>
To: Nathan Studer <nate.studer@dornerworks.com>, xen-devel@lists.xen.org
Cc: smartin@milliways.cl, robert.vanvossen@dornerworks.com
Subject: Re: [PATCH 1/2] Fix sched_priv corruption in ARINC653 alloc_vdata.
Date: Mon, 4 Nov 2013 15:49:43 +0000 [thread overview]
Message-ID: <5277C217.3080704@eu.citrix.com> (raw)
In-Reply-To: <1383252473-3067-2-git-send-email-nate.studer@dornerworks.com>
On 31/10/13 20:47, Nathan Studer wrote:
> From: Nathan Studer <nate.studer@dornerworks.com>
>
> The ARINC653 scheduler was directly assigning and manipulating
> the sched_priv field of a vcpu in its alloc_vdata function.
>
> When creating a cpu pool, this resulted in the corruption
> of the sched_priv field of the vcpu, which was then passed
> to the initial scheduler's free_vdata function with
> disastrous results.
>
> Signed-off-by: Nathan Studer <nate.studer@dornerworks.com>
Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com>
> ---
> xen/common/sched_arinc653.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/xen/common/sched_arinc653.c b/xen/common/sched_arinc653.c
> index 2502192..a1d9443 100644
> --- a/xen/common/sched_arinc653.c
> +++ b/xen/common/sched_arinc653.c
> @@ -380,11 +380,14 @@ a653sched_deinit(const struct scheduler *ops)
> static void *
> a653sched_alloc_vdata(const struct scheduler *ops, struct vcpu *vc, void *dd)
> {
> + arinc653_vcpu_t *svc;
> +
> /*
> * Allocate memory for the ARINC 653-specific scheduler data information
> * associated with the given VCPU (vc).
> - */
> - if ( (vc->sched_priv = xmalloc(arinc653_vcpu_t)) == NULL )
> + */
> + svc = xmalloc(arinc653_vcpu_t);
> + if ( svc == NULL )
> return NULL;
>
> /*
> @@ -393,13 +396,13 @@ a653sched_alloc_vdata(const struct scheduler *ops, struct vcpu *vc, void *dd)
> * will call the vcpu_wake scheduler callback function and our scheduler
> * will mark the VCPU awake.
> */
> - AVCPU(vc)->vc = vc;
> - AVCPU(vc)->awake = 0;
> + svc->vc = vc;
> + svc->awake = 0;
> if ( !is_idle_vcpu(vc) )
> - list_add(&AVCPU(vc)->list, &SCHED_PRIV(ops)->vcpu_list);
> + list_add(&svc->list, &SCHED_PRIV(ops)->vcpu_list);
> update_schedule_vcpus(ops);
>
> - return AVCPU(vc);
> + return svc;
> }
>
> /**
next prev parent reply other threads:[~2013-11-04 15:49 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-31 20:47 [PATCH 0/2] Fix crashes with arinc653 cpupools Nathan Studer
2013-10-31 20:47 ` [PATCH 1/2] Fix sched_priv corruption in ARINC653 alloc_vdata Nathan Studer
2013-11-01 13:53 ` Andrew Cooper
2013-11-03 23:07 ` Nate Studer
2013-11-04 15:49 ` George Dunlap [this message]
2013-10-31 20:47 ` [PATCH 2/2] Fix NULL pointer dereference in ARINC653 free_vdata Nathan Studer
2013-11-01 13:56 ` Andrew Cooper
2013-11-01 14:13 ` George Dunlap
2013-11-01 14:17 ` Andrew Cooper
2013-11-03 23:01 ` Nate Studer
2013-11-04 10:46 ` George Dunlap
2013-11-04 10:55 ` Ian Campbell
2013-11-04 15:15 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5277C217.3080704@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=nate.studer@dornerworks.com \
--cc=robert.vanvossen@dornerworks.com \
--cc=smartin@milliways.cl \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.