* Re: [libvirt] [PATCH libvirt] libxl: avoid freeing an uninitialised bitmap [not found] <1434731610-25257-1-git-send-email-ian.campbell@citrix.com> @ 2015-06-19 16:54 ` Eric Blake [not found] ` <5584495D.9020402@redhat.com> 1 sibling, 0 replies; 2+ messages in thread From: Eric Blake @ 2015-06-19 16:54 UTC (permalink / raw) To: Ian Campbell, Jim Fehlig; +Cc: libvir-list, xen-devel [-- Attachment #1.1: Type: text/plain, Size: 1102 bytes --] On 06/19/2015 10:33 AM, Ian Campbell wrote: > If vm->def->cputune.nvcpupin is 0 in libxlDomainSetVcpuAffinities (as > seems to be the case on arm) then the VIR_FREE after cleanup: would be > operating on an uninitialised pointer in map.map. > > Fix this by using libxl_bitmap_init and libxl_bitmap_dispose in the > appropriate places (like VIR_FREE libxl_bitmap_dispose is also s/VIR_FREE/VIR_FREE,/ > idempotent, so there is no double free on exit from the loop). > > libxl_bitmap_dispose is slightly preferable since it also sets > map.size back to 0, avoiding a potential source of confusion. > > This fixes the crashes we've been seeing in the Xen automated tests on > ARM. > > I had a glance at the handful of other users of libxl_bitmap and none > of them looked to have a similar issue. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > --- > src/libxl/libxl_domain.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org [-- Attachment #1.2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 604 bytes --] [-- Attachment #2: Type: text/plain, Size: 126 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 2+ messages in thread
[parent not found: <5584495D.9020402@redhat.com>]
* Re: [libvirt] [PATCH libvirt] libxl: avoid freeing an uninitialised bitmap [not found] ` <5584495D.9020402@redhat.com> @ 2015-06-19 19:20 ` Jim Fehlig 0 siblings, 0 replies; 2+ messages in thread From: Jim Fehlig @ 2015-06-19 19:20 UTC (permalink / raw) To: Eric Blake, Ian Campbell; +Cc: libvir-list, xen-devel On 06/19/2015 10:54 AM, Eric Blake wrote: > On 06/19/2015 10:33 AM, Ian Campbell wrote: >> If vm->def->cputune.nvcpupin is 0 in libxlDomainSetVcpuAffinities (as >> seems to be the case on arm) then the VIR_FREE after cleanup: would be >> operating on an uninitialised pointer in map.map. >> >> Fix this by using libxl_bitmap_init and libxl_bitmap_dispose in the >> appropriate places (like VIR_FREE libxl_bitmap_dispose is also > s/VIR_FREE/VIR_FREE,/ > >> idempotent, so there is no double free on exit from the loop). >> >> libxl_bitmap_dispose is slightly preferable since it also sets >> map.size back to 0, avoiding a potential source of confusion. >> >> This fixes the crashes we've been seeing in the Xen automated tests on >> ARM. >> >> I had a glance at the handful of other users of libxl_bitmap and none >> of them looked to have a similar issue. >> >> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> >> --- >> src/libxl/libxl_domain.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) > ACK. Modified the commit message as suggested and pushed. Thanks! Regards, Jim ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-06-19 19:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1434731610-25257-1-git-send-email-ian.campbell@citrix.com>
2015-06-19 16:54 ` [libvirt] [PATCH libvirt] libxl: avoid freeing an uninitialised bitmap Eric Blake
[not found] ` <5584495D.9020402@redhat.com>
2015-06-19 19:20 ` Jim Fehlig
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.