From: Nathan Studer Date: Mon, 4 Nov 2013 15:21:11 +0000 (+0100) Subject: ARINC653: fix NULL pointer dereference in free_vdata X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~6072^2 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=77b590e41517c7409ab841238683e861acc528dd;p=xen.git ARINC653: fix NULL pointer dereference in free_vdata The ARINC653 scheduler alloc_vdata function does not add the idle cpu to its internal vcpu_list, but when the free_vdata function is called, the scheduler attempted to remove the vcpu from its internal vcpu_list, regardless of whether or not the vcpu was the idle vcpu. Since the idle vcpu's list field was never initialized, a NULL pointer was passed to list_del. When using cpupools, this resulted in a crash when moving a cpu from an arinc653 scheduler pool. Signed-off-by: Nathan Studer Acked-by: George Dunlap Reviewed-by: Andrew Cooper --- diff --git a/xen/common/sched_arinc653.c b/xen/common/sched_arinc653.c index e5a423f4a6..7b7b38795e 100644 --- a/xen/common/sched_arinc653.c +++ b/xen/common/sched_arinc653.c @@ -418,7 +418,9 @@ a653sched_free_vdata(const struct scheduler *ops, void *priv) if (av == NULL) return; - list_del(&av->list); + if ( !is_idle_vcpu(av->vc) ) + list_del(&av->list); + xfree(av); update_schedule_vcpus(ops); }
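Review bot: the new `if ( !is_idle_vcpu(av->vc) )` guard in a653sched_free_vdata carries no comment saying why the idle vcpu is skipped, and the invariant it relies on lives in another function: per the commit message, alloc_vdata never links the idle vcpu into vcpu_list and leaves its list field uninitialized. Add a short comment at the check stating that, or initialize `av->list` in alloc_vdata (for example with INIT_LIST_HEAD) so `list_del(&av->list)` is safe on every path and the alloc and free sides cannot drift apart if the alloc logic changes later. Also note that `update_schedule_vcpus(ops)` still runs unconditionally after `xfree(av)`; on the idle path nothing was removed from the list, so it may be worth confirming that call is intended there or moving it under the same condition.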