From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH for-4.10] xen/domctl: Fix Xen heap leak via
	XEN_DOMCTL_getvcpucontext
Date: Mon, 9 Oct 2017 11:07:18 +0100
Message-ID: <1507543638-13706-1-git-send-email-andrew.cooper3@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Julien Grall <julien.grall@arm.com>, Jan Beulich <jbeulich@suse.com>
List-Id: xen-devel@lists.xenproject.org

VGhlIGJhY2tpbmcgc3RydWN0dXJlIGZvciBYRU5fRE9NQ1RMX2dldHZjcHVjb250ZXh0IGlzIG9u
bHkgemVyb2VkIGluIHRoZSB4ODYKSFZNIGNhc2UuICBBdCB0aGUgdmVyeSBsZWFzdCwgdGhpcyBt
ZWFucyB0aGF0IEFSTSByZXR1cm5zIGp1bmsgdGhyb3VnaCBpdHMKZmxhZ3MgZmllbGQgKGFzIGl0
IGlzIG9ubHkgZXZlciBjb25kaXRpb25hbGx5IG9yJ2QgaW50byksIGFuZCB4ODYgUFYgbGVha3MK
ZGF0YSB0aHJvdWdoIGdkdF9mcmFtZXNbMTQuLi4xNV0uICAoQW4gZXhoYXVzdGl2ZSBzZWFyY2gg
Zm9yIG90aGVyIGxlYWtzCmhhc24ndCBiZWVuIHBlcmZvcm1lZCkuCgpVbmNvbmRpdGlvbmFsbHkg
emVybyB0aGUgbWVtb3J5IHVwb24gYWxsb2NhdGlvbiwgYW5kIGZvcmdvIHRoZSBkb3VibGUgY2xl
YXIKZm9yIHg4NiBIVk0uICBUaGVzZSBoeXBlcmNhbGxzIGFyZSBub3Qgb24gaG90cGF0aHMuCgpO
b3RlIHRoYXQgdGhpcyBkb2VzIG5vdCBxdWFsaWZ5IGZvciBhbiBYU0EuICBQZXIgWFNBLTc3LApY
RU5fRE9NQ1RMX2dldHZjcHVjb250ZXh0IGlzIHVuc2FmZSBmb3IgZGlzYWdncmVnYXRpb24sIG1l
YW5pbmcgdGhhdCBvbmx5IHRoZQpjb250cm9sIGRvbWFpbiBjYW4gdXNlIHRoaXMgaHlwZXJjYWxs
LgoKU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv
bT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KLS0tCkNDOiBK
dWxpZW4gR3JhbGwgPGp1bGllbi5ncmFsbEBhcm0uY29tPgoKVGhpcyBzaG91bGQgYmUgYmFja3Bv
cnRlZCB0byBzdGFibGUgYnJhbmNoZXMKLS0tCiB4ZW4vYXJjaC94ODYvZG9tY3RsLmMgfCAyIC0t
CiB4ZW4vY29tbW9uL2RvbWN0bC5jICAgfCAyICstCiAyIGZpbGVzIGNoYW5nZWQsIDEgaW5zZXJ0
aW9uKCspLCAzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9kb21jdGwu
YyBiL3hlbi9hcmNoL3g4Ni9kb21jdGwuYwppbmRleCA1NDBiYTA4Li4xYjIwOGY5IDEwMDY0NAot
LS0gYS94ZW4vYXJjaC94ODYvZG9tY3RsLmMKKysrIGIveGVuL2FyY2gveDg2L2RvbWN0bC5jCkBA
IC0xNTMwLDggKzE1MzAsNiBAQCB2b2lkIGFyY2hfZ2V0X2luZm9fZ3Vlc3Qoc3RydWN0IHZjcHUg
KnYsIHZjcHVfZ3Vlc3RfY29udGV4dF91IGMpCiAgICAgYm9vbCBjb21wYXQgPSBpc19wdl8zMmJp
dF9kb21haW4oZCk7CiAjZGVmaW5lIGMoZmxkKSAoIWNvbXBhdCA/IChjLm5hdC0+ZmxkKSA6IChj
LmNtcC0+ZmxkKSkKIAotICAgIGlmICggIWlzX3B2X2RvbWFpbihkKSApCi0gICAgICAgIG1lbXNl
dChjLm5hdCwgMCwgc2l6ZW9mKCpjLm5hdCkpOwogICAgIG1lbWNweSgmYy5uYXQtPmZwdV9jdHh0
LCB2LT5hcmNoLmZwdV9jdHh0LCBzaXplb2YoYy5uYXQtPmZwdV9jdHh0KSk7CiAgICAgYyhmbGFn
cyA9IHYtPmFyY2gudmdjX2ZsYWdzICYgfihWR0NGX2kzODdfdmFsaWR8VkdDRl9pbl9rZXJuZWwp
KTsKICAgICBpZiAoIHYtPmZwdV9pbml0aWFsaXNlZCApCmRpZmYgLS1naXQgYS94ZW4vY29tbW9u
L2RvbWN0bC5jIGIveGVuL2NvbW1vbi9kb21jdGwuYwppbmRleCBkMDNiYmYyLi4zYzZmYTRlIDEw
MDY0NAotLS0gYS94ZW4vY29tbW9uL2RvbWN0bC5jCisrKyBiL3hlbi9jb21tb24vZG9tY3RsLmMK
QEAgLTg2OSw3ICs4NjksNyBAQCBsb25nIGRvX2RvbWN0bChYRU5fR1VFU1RfSEFORExFX1BBUkFN
KHhlbl9kb21jdGxfdCkgdV9kb21jdGwpCiAgICAgICAgICAgICAgICAgICAgICA8IHNpemVvZihz
dHJ1Y3QgY29tcGF0X3ZjcHVfZ3Vlc3RfY29udGV4dCkpOwogI2VuZGlmCiAgICAgICAgIHJldCA9
IC1FTk9NRU07Ci0gICAgICAgIGlmICggKGMubmF0ID0geG1hbGxvYyhzdHJ1Y3QgdmNwdV9ndWVz
dF9jb250ZXh0KSkgPT0gTlVMTCApCisgICAgICAgIGlmICggKGMubmF0ID0geHphbGxvYyhzdHJ1
Y3QgdmNwdV9ndWVzdF9jb250ZXh0KSkgPT0gTlVMTCApCiAgICAgICAgICAgICBnb3RvIGdldHZj
cHVjb250ZXh0X291dDsKIAogICAgICAgICB2Y3B1X3BhdXNlKHYpOwotLSAKMi4xLjQKCgpfX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpYZW4tZGV2ZWwgbWFp
bGluZyBsaXN0Clhlbi1kZXZlbEBsaXN0cy54ZW4ub3JnCmh0dHBzOi8vbGlzdHMueGVuLm9yZy94
ZW4tZGV2ZWwK