projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fe4fa7d)
xen: Fix domain teardown to avoid use-after-free of vcpu structs.
authorkfraser@localhost.localdomain <kfraser@localhost.localdomain>
Mon, 4 Jun 2007 13:05:10 +0000 (14:05 +0100)
committerkfraser@localhost.localdomain <kfraser@localhost.localdomain>
Mon, 4 Jun 2007 13:05:10 +0000 (14:05 +0100)
Signed-off-by: Keir Fraser <keir@xensource.com>
xen/common/domain.c patch | blob | history

diff --git a/xen/common/domain.c b/xen/common/domain.c
index b4b339c94733ac6475602c1cfe4130673feb2872..13b02d1439741338e4a9854f5fd1adfe9a7796f1 100644 (file)
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -467,7 +467,6 @@ static void complete_domain_destroy(struct rcu_head *head)
             continue;
         vcpu_destroy(v);
         sched_destroy_vcpu(v);
-        free_vcpu_struct(v);
     }
 
     acm_domain_destroy(d);
@@ -481,6 +480,10 @@ static void complete_domain_destroy(struct rcu_head *head)
 
     sched_destroy_domain(d);
 
+    for ( i = MAX_VIRT_CPUS-1; i >= 0; i-- )
+        if ( (v = d->vcpu[i]) != NULL )
+            free_vcpu_struct(v);
+
     free_domain(d);
 
     send_guest_global_virq(dom0, VIRQ_DOM_EXC);
Unnamed repository; edit this file 'description' to name the repository.