xsm:acm: Fix nul dereference bug (take 2).

author Keir Fraser <keir@xensource.com>

Mon, 1 Oct 2007 05:36:25 +0000 (06:36 +0100)

committer Keir Fraser <keir@xensource.com>

Mon, 1 Oct 2007 05:36:25 +0000 (06:36 +0100)
author Keir Fraser <keir@xensource.com>
Mon, 1 Oct 2007 05:36:25 +0000 (06:36 +0100)
committer Keir Fraser <keir@xensource.com>
Mon, 1 Oct 2007 05:36:25 +0000 (06:36 +0100)
diff --git a/xen/include/xsm/acm/acm_core.h b/xen/include/xsm/acm/acm_core.h

index b6d30d7c7b331060a416268ea89b3816ddd19ad6..df6ea6385198e87b66707636457fbf959bd9b18f 100644 (file)
--- a/xen/include/xsm/acm/acm_core.h
+++ b/xen/include/xsm/acm/acm_core.h
@@ -154,7 +154,7 @@ static inline int acm_array_append_tuple(struct acm_sized_buffer *buf,
  
  /* protos */
  int acm_init_domain_ssid(struct domain *, ssidref_t ssidref);
-void acm_free_domain_ssid(struct acm_ssid_domain *ssid);
+void acm_free_domain_ssid(struct domain *);
  int acm_init_binary_policy(u32 policy_code);
  int acm_set_policy(XEN_GUEST_HANDLE_64(void) buf, u32 buf_size);
  int do_acm_set_policy(void *buf, u32 buf_size, int is_bootpolicy,
diff --git a/xen/include/xsm/acm/acm_hooks.h b/xen/include/xsm/acm/acm_hooks.h

index 54bd15e2a00162aef45a085179c4eb8c559bb837..f3ca68fa01336cc82ce329158da30df74df05fa6 100644 (file)
--- a/xen/include/xsm/acm/acm_hooks.h
+++ b/xen/include/xsm/acm/acm_hooks.h
@@ -258,7 +258,7 @@ static inline void acm_domain_destroy(struct domain *d)
              acm_secondary_ops->domain_destroy(ssid, d);
          /* free security ssid for the destroyed domain (also if null policy */
          acm_domain_ssid_off_list(ssid);
-        acm_free_domain_ssid((struct acm_ssid_domain *)(ssid));
+        acm_free_domain_ssid(d);
      }
  }
  
@@ -294,7 +294,7 @@ static inline int acm_domain_create(struct domain *d, ssidref_t ssidref)
      {
          acm_domain_ssid_onto_list(d->ssid);
      } else {
-        acm_free_domain_ssid(d->ssid);
+        acm_free_domain_ssid(d);
      }
  
  error_out:
diff --git a/xen/xsm/acm/acm_core.c b/xen/xsm/acm/acm_core.c

index 59a281446d27195646816475ebd4b64a6298afcc..3133877cf4063594693237f4e026bd3e7a969b2a 100644 (file)
--- a/xen/xsm/acm/acm_core.c
+++ b/xen/xsm/acm/acm_core.c
@@ -361,7 +361,7 @@ int acm_init_domain_ssid(struct domain *subj, ssidref_t ssidref)
      {
          printk("%s: ERROR instantiating individual ssids for domain 0x%02x.\n",
                 __func__, subj->domain_id);
-        acm_free_domain_ssid(ssid);
+        acm_free_domain_ssid(subj);
          return ACM_INIT_SSID_ERROR;
      }
  
@@ -372,8 +372,10 @@ int acm_init_domain_ssid(struct domain *subj, ssidref_t ssidref)
  
  
  void
-acm_free_domain_ssid(struct acm_ssid_domain *ssid)
+acm_free_domain_ssid(struct domain *d)
  {
+    struct acm_ssid_domain *ssid = d->ssid;
+    
      /* domain is already gone, just ssid is left */
      if (ssid == NULL)
          return;
@@ -387,6 +389,8 @@ acm_free_domain_ssid(struct acm_ssid_domain *ssid)
      ssid->secondary_ssid = NULL;
  
      xfree(ssid);
+    d->ssid = NULL;
+    
      printkd("%s: Freed individual domain ssid (domain=%02x).\n",
              __func__, id);
  }
author	Keir Fraser <keir@xensource.com>
	Mon, 1 Oct 2007 05:36:25 +0000 (06:36 +0100)
committer	Keir Fraser <keir@xensource.com>
	Mon, 1 Oct 2007 05:36:25 +0000 (06:36 +0100)
xen/include/xsm/acm/acm_core.h		patch \| blob \| blame \| history
xen/include/xsm/acm/acm_hooks.h		patch \| blob \| blame \| history
xen/xsm/acm/acm_core.c		patch \| blob \| blame \| history