From 765ebff1db1c2d8dd7d41ce571ddda7f7cc12e3d Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Mon, 4 Jun 2007 14:05:10 +0100
Subject: [PATCH] xen: Fix domain teardown to avoid use-after-free of vcpu
 structs. Signed-off-by: Keir Fraser <keir@xensource.com>

---
 xen/common/domain.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index b4b339c947..13b02d1439 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -467,7 +467,6 @@ static void complete_domain_destroy(struct rcu_head *head)
             continue;
         vcpu_destroy(v);
         sched_destroy_vcpu(v);
-        free_vcpu_struct(v);
     }
 
     acm_domain_destroy(d);
@@ -481,6 +480,10 @@ static void complete_domain_destroy(struct rcu_head *head)
 
     sched_destroy_domain(d);
 
+    for ( i = MAX_VIRT_CPUS-1; i >= 0; i-- )
+        if ( (v = d->vcpu[i]) != NULL )
+            free_vcpu_struct(v);
+
     free_domain(d);
 
     send_guest_global_virq(dom0, VIRQ_DOM_EXC);
-- 
2.30.2