From: Jan Beulich <jbeulich@suse.com>
Date: Thu, 29 Oct 2015 12:49:56 +0000 (+0100)
Subject: free domain's vcpu array
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~2^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=26d68238b1f19b5edb740d87afece4a07881b1f3;p=xen.git

free domain's vcpu array

This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
guest").

This is CVE-2015-7969 / XSA-149.

Reported-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
master commit: d46896ebbb23f3a9fef2eb6066ae614fd1acfd96
master date: 2015-10-29 13:35:40 +0100

(cherry picked from commit 2c57108c36eaa10885b7d0daad534348717e4f9d)

Patch-Name: CVE-2015-7969.diff

Gbp-Pq: Name CVE-2015-7969.diff
---

diff --git a/xen/common/domain.c b/xen/common/domain.c
index 1b9fcfc3e2..796c49250e 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -833,6 +833,7 @@ static void complete_domain_destroy(struct rcu_head *head)
 
     xsm_free_security_domain(d);
     free_cpumask_var(d->domain_dirty_cpumask);
+    xfree(d->vcpu);
     free_domain_struct(d);
 
     send_global_virq(VIRQ_DOM_EXC);