* [PATCH] dmar: Fix double free in error paths following c/s a8bc99b
@ 2015-07-16 11:57 Andrew Cooper
2015-07-16 13:22 ` Jan Beulich
2015-07-20 1:31 ` Tian, Kevin
0 siblings, 2 replies; 3+ messages in thread
From: Andrew Cooper @ 2015-07-16 11:57 UTC
To: Xen-devel
Cc: Elena Ufimtseva, Andrew Cooper, Kevin Tian, Yang Zhang, Jan Beulich
Several error paths would end up freeing scope->devices twice.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Elena Ufimtseva <elena.ufimtseva@oracle.com>
CC: Yang Zhang <yang.z.zhang@intel.com>
CC: Kevin Tian <kevin.tian@intel.com>
---
xen/drivers/passthrough/vtd/dmar.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
index 8ed1e24..2672688 100644
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -88,6 +88,7 @@ static void scope_devices_free(struct dmar_scope *scope)
scope->devices_cnt = 0;
xfree(scope->devices);
+ scope->devices = NULL;
}
static void __init disable_all_dmar_units(void)
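Review bot: The added `scope->devices = NULL;` after `xfree(scope->devices);` makes a second call to scope_devices_free() harmless only if xfree() treats a NULL argument as a no-op, and it hides the repeated call rather than removing it; nothing in the hunk states either point. Suggest a one-line comment above the assignment saying the function is meant to be idempotent because error paths may call it more than once, and a sentence in the commit message confirming that xfree(NULL) is safe. Clearing the pointer next to `scope->devices_cnt = 0;` does keep the two fields consistent, which is worth keeping.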
--
1.7.10.4
* Re: [PATCH] dmar: Fix double free in error paths following c/s a8bc99b
From: Jan Beulich @ 2015-07-16 13:22 UTC
To: Andrew Cooper; +Cc: Yang Zhang, Elena Ufimtseva, Kevin Tian, Xen-devel
>>> On 16.07.15 at 13:57, <andrew.cooper3@citrix.com> wrote:
> Several error paths would end up freeing scope->devices twice.
Of course it depends how you count, but I can spot exactly one
broken case - in acpi_parse_dev_scope(). All other callers of
scope_devices_free() free the container right afterwards afaics.
Jan
* Re: [PATCH] dmar: Fix double free in error paths following c/s a8bc99b
From: Tian, Kevin @ 2015-07-20 1:31 UTC
To: Andrew Cooper, Xen-devel; +Cc: Elena Ufimtseva, Zhang, Yang Z, Jan Beulich
> From: Andrew Cooper [mailto:andrew.cooper3@citrix.com]
> Sent: Thursday, July 16, 2015 7:57 PM
>
> Several error paths would end up freeing scope->devices twice.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Elena Ufimtseva <elena.ufimtseva@oracle.com>
> CC: Yang Zhang <yang.z.zhang@intel.com>
> CC: Kevin Tian <kevin.tian@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
> ---
> xen/drivers/passthrough/vtd/dmar.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
> index 8ed1e24..2672688 100644
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -88,6 +88,7 @@ static void scope_devices_free(struct dmar_scope *scope)
>
> scope->devices_cnt = 0;
> xfree(scope->devices);
> + scope->devices = NULL;
> }
>
> static void __init disable_all_dmar_units(void)
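Review bot: The description says only "Several error paths" while the hunk changes scope_devices_free() itself, so the callers that free twice are not identified anywhere in the patch. Suggest naming them in the commit message (the earlier reply in this thread points at acpi_parse_dev_scope()), so a reader can check that the `scope->devices = NULL;` line covers every such path and that no caller still reads scope->devices after the free.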
> --
> 1.7.10.4