From: Julien Grall <julien.grall@linaro.org>
Date: Fri, 25 Jul 2014 14:17:26 +0000 (+0100)
Subject: xen/arm: domain_vgic_init: Avoid double free on shared_irqs
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~4449
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=7b41618f5a08145b0198af4a8a2ce361d7e677e6;p=xen.git

xen/arm: domain_vgic_init: Avoid double free on shared_irqs

When the function domain_vgic_init is failing to initialize pending_irqs,
it will free shared_irqs. Few call later, domain_vgic_free will be called
an try to free a second time the same variable. This will result to a double
free.

Remove the free in domain_vgic_init and rely on domain_vgic_free to correctly
release the memory.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---

diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 6b41dbfe0f..1372ffc994 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -85,10 +85,7 @@ int domain_vgic_init(struct domain *d)
     d->arch.vgic.pending_irqs =
         xzalloc_array(struct pending_irq, d->arch.vgic.nr_lines);
     if ( d->arch.vgic.pending_irqs == NULL )
-    {
-        xfree(d->arch.vgic.shared_irqs);
         return -ENOMEM;
-    }
 
     for (i=0; i<d->arch.vgic.nr_lines; i++)
     {