ARINC653: fix NULL pointer dereference in free_vdata

The ARINC653 scheduler alloc_vdata function does not add the
idle cpu to its internal vcpu_list, but when the free_vdata
function is called, the scheduler attempted to remove the vcpu
from its internal vcpu_list, regardless of whether or not
the vcpu was the idle vcpu.  Since the idle vcpu's list field
was never initialized, a NULL pointer was passed to list_del.

When using cpupools, this resulted in a crash when moving a cpu
from an arinc653 scheduler pool.

Signed-off-by: Nathan Studer <nate.studer@dornerworks.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/common/sched_arinc653.c b/xen/common/sched_arinc653.c
index e5a423f4a6334459172ff6a4d2fd36546230ef22..7b7b38795e0cdf6857b22892523bfff79ac1a68a 100644 (file)
--- a/xen/common/sched_arinc653.c
+++ b/xen/common/sched_arinc653.c
@@ -418,7 +418,9 @@ a653sched_free_vdata(const struct scheduler *ops, void *priv)
     if (av == NULL)
         return;
 
-    list_del(&av->list);
+    if ( !is_idle_vcpu(av->vc) )
+        list_del(&av->list);
+
     xfree(av);
     update_schedule_vcpus(ops);
 }