From: Jan Beulich Date: Tue, 3 Mar 2020 15:01:30 +0000 (+0100) Subject: credit2: avoid NULL deref in csched2_res_pick() when tracing X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~590 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=8824fd3871a2ded6bee0f48785bf539aff46a771;p=xen.git credit2: avoid NULL deref in csched2_res_pick() when tracing The issue here results from one of the downsides of using goto: The early "goto out" and "goto out_up" in the function very clearly bypass any possible initialization of min_rqd, yet the tracing code at the end of the function consumes the value. There's even a comment regarding the trace record not being accurate in this case. CID: 1460432 Fixes: 9c84bc004653 ("sched: rework credit2 run-queue allocation") Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Acked-by: Dario Faggioli --- diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index 8ae3b80d2e..c7241944a8 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -2403,7 +2403,7 @@ csched2_res_pick(const struct scheduler *ops, const struct sched_unit *unit) } d; d.dom = unit->domain->domain_id; d.unit = unit->unit_id; - d.rq_id = min_rqd->id; + d.rq_id = min_rqd ? min_rqd->id : -1; d.b_avgload = min_avgload; d.new_cpu = new_cpu; __trace_var(TRC_CSCHED2_PICKED_CPU, 1,
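Review bot: The -1 sentinel in `d.rq_id = min_rqd ? min_rqd->id : -1;` goes into a trace-record field whose declaration is outside this hunk. If rq_id is an unsigned or narrow bit-field, the stored value becomes all-ones for that width, and trace consumers have to know that this value means "no run-queue was picked" rather than a real run-queue id. Suggest documenting the sentinel in the existing comment that the commit message mentions, the one noting the trace record is not accurate on the early "goto out" / "goto out_up" paths. The next line, `d.b_avgload = min_avgload;`, is reached on the same paths, so it is worth confirming that min_avgload has a defined value there as well.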