[PATCH] xen/arm: domain_vgic_init: Avoid double free on shared

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs
@ 2014-07-25 14:17 Julien Grall
  2014-09-08 20:47 ` Julien Grall
  0 siblings, 1 reply; 6+ messages in thread
From: Julien Grall @ 2014-07-25 14:17 UTC (permalink / raw)
  To: xen-devel; +Cc: stefano.stabellini, Julien Grall, tim, ian.campbell

When the function domain_vgic_init is failing to initialize pending_irqs,
it will free shared_irqs. Few call later, domain_vgic_free will be called
an try to free a second time the same variable. This will result to a double
free.

Remove the free in domain_vgic_init and rely on domain_vgic_free to correctly
release the memory.

Signed-off-by: Julien Grall <julien.grall@linaro.org>

---

This patch should be backported to Xen 4.4.
---
 xen/arch/arm/vgic.c |    3 ---
 1 file changed, 3 deletions(-)

diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index aba613b..edbb71a 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -84,10 +84,7 @@ int domain_vgic_init(struct domain *d, unsigned int nr_spis)
     d->arch.vgic.pending_irqs =
         xzalloc_array(struct pending_irq, d->arch.vgic.nr_spis);
     if ( d->arch.vgic.pending_irqs == NULL )
-    {
-        xfree(d->arch.vgic.shared_irqs);
         return -ENOMEM;
-    }
 
     for (i=0; i<d->arch.vgic.nr_spis; i++)
     {
-- 
1.7.10.4

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs
  2014-07-25 14:17 [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs Julien Grall
@ 2014-09-08 20:47 ` Julien Grall
  2014-09-09 11:13   ` Ian Campbell
  0 siblings, 1 reply; 6+ messages in thread
From: Julien Grall @ 2014-09-08 20:47 UTC (permalink / raw)
  To: xen-devel; +Cc: stefano.stabellini, tim, ian.campbell

Hi Ian and Stefano,

Ping?

On 25/07/14 07:17, Julien Grall wrote:
> When the function domain_vgic_init is failing to initialize pending_irqs,
> it will free shared_irqs. Few call later, domain_vgic_free will be called
> an try to free a second time the same variable. This will result to a double
> free.
>
> Remove the free in domain_vgic_init and rely on domain_vgic_free to correctly
> release the memory.
>
> Signed-off-by: Julien Grall <julien.grall@linaro.org>
>
> ---
>
> This patch should be backported to Xen 4.4.
> ---
>   xen/arch/arm/vgic.c |    3 ---
>   1 file changed, 3 deletions(-)
>
> diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> index aba613b..edbb71a 100644
> --- a/xen/arch/arm/vgic.c
> +++ b/xen/arch/arm/vgic.c
> @@ -84,10 +84,7 @@ int domain_vgic_init(struct domain *d, unsigned int nr_spis)
>       d->arch.vgic.pending_irqs =
>           xzalloc_array(struct pending_irq, d->arch.vgic.nr_spis);
>       if ( d->arch.vgic.pending_irqs == NULL )
> -    {
> -        xfree(d->arch.vgic.shared_irqs);
>           return -ENOMEM;
> -    }
>
>       for (i=0; i<d->arch.vgic.nr_spis; i++)
>       {
>

-- 
Julien Grall

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs
  2014-09-08 20:47 ` Julien Grall
@ 2014-09-09 11:13   ` Ian Campbell
  2014-09-09 18:51     ` Julien Grall
  0 siblings, 1 reply; 6+ messages in thread
From: Ian Campbell @ 2014-09-09 11:13 UTC (permalink / raw)
  To: Julien Grall; +Cc: xen-devel, tim, stefano.stabellini

Sorry, this one wasn't in my queue foirld for some reason. Acked +
applied.

On Mon, 2014-09-08 at 13:47 -0700, Julien Grall wrote:
> Hi Ian and Stefano,
> 
> Ping?
> 
> On 25/07/14 07:17, Julien Grall wrote:
> > When the function domain_vgic_init is failing to initialize pending_irqs,
> > it will free shared_irqs. Few call later, domain_vgic_free will be called
> > an try to free a second time the same variable. This will result to a double
> > free.
> >
> > Remove the free in domain_vgic_init and rely on domain_vgic_free to correctly
> > release the memory.
> >
> > Signed-off-by: Julien Grall <julien.grall@linaro.org>
> >
> > ---
> >
> > This patch should be backported to Xen 4.4.
> > ---
> >   xen/arch/arm/vgic.c |    3 ---
> >   1 file changed, 3 deletions(-)
> >
> > diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
> > index aba613b..edbb71a 100644
> > --- a/xen/arch/arm/vgic.c
> > +++ b/xen/arch/arm/vgic.c
> > @@ -84,10 +84,7 @@ int domain_vgic_init(struct domain *d, unsigned int nr_spis)
> >       d->arch.vgic.pending_irqs =
> >           xzalloc_array(struct pending_irq, d->arch.vgic.nr_spis);
> >       if ( d->arch.vgic.pending_irqs == NULL )
> > -    {
> > -        xfree(d->arch.vgic.shared_irqs);
> >           return -ENOMEM;
> > -    }
> >
> >       for (i=0; i<d->arch.vgic.nr_spis; i++)
> >       {
> >
> 

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs
  2014-09-09 11:13   ` Ian Campbell
@ 2014-09-09 18:51     ` Julien Grall
  2014-09-10  9:27       ` Ian Campbell
  0 siblings, 1 reply; 6+ messages in thread
From: Julien Grall @ 2014-09-09 18:51 UTC (permalink / raw)
  To: Ian Campbell; +Cc: xen-devel, Tim Deegan, Stefano.Stabellini@citrix.com

On 9 September 2014 04:13, Ian Campbell <Ian.Campbell@citrix.com> wrote:
> Sorry, this one wasn't in my queue foirld for some reason. Acked +
> applied.

Thanks! The double free is also present on Xen 4.4. Can you put it on
your backport list?

Regards,

-- 
Julien Grall

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs
  2014-09-09 18:51     ` Julien Grall
@ 2014-09-10  9:27       ` Ian Campbell
  2014-09-10 19:04         ` Julien Grall
  0 siblings, 1 reply; 6+ messages in thread
From: Ian Campbell @ 2014-09-10  9:27 UTC (permalink / raw)
  To: Julien Grall; +Cc: xen-devel, Tim Deegan, Stefano.Stabellini@citrix.com

On Tue, 2014-09-09 at 11:51 -0700, Julien Grall wrote:
> On 9 September 2014 04:13, Ian Campbell <Ian.Campbell@citrix.com> wrote:
> > Sorry, this one wasn't in my queue foirld for some reason. Acked +
> > applied.
> 
> Thanks! The double free is also present on Xen 4.4. Can you put it on
> your backport list?

It's already there, I should have said.

Ian.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs
  2014-09-10  9:27       ` Ian Campbell
@ 2014-09-10 19:04         ` Julien Grall
  0 siblings, 0 replies; 6+ messages in thread
From: Julien Grall @ 2014-09-10 19:04 UTC (permalink / raw)
  To: Ian Campbell; +Cc: xen-devel, Tim Deegan, Stefano.Stabellini@citrix.com



On 10/09/14 02:27, Ian Campbell wrote:
> On Tue, 2014-09-09 at 11:51 -0700, Julien Grall wrote:
>> On 9 September 2014 04:13, Ian Campbell <Ian.Campbell@citrix.com> wrote:
>>> Sorry, this one wasn't in my queue foirld for some reason. Acked +
>>> applied.
>>
>> Thanks! The double free is also present on Xen 4.4. Can you put it on
>> your backport list?
>
> It's already there, I should have said.

Thanks!

-- 
Julien Grall

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2014-09-10 19:04 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-25 14:17 [PATCH] xen/arm: domain_vgic_init: Avoid double free on shared_irqs Julien Grall
2014-09-08 20:47 ` Julien Grall
2014-09-09 11:13   ` Ian Campbell
2014-09-09 18:51     ` Julien Grall
2014-09-10  9:27       ` Ian Campbell
2014-09-10 19:04         ` Julien Grall

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).