shutdown_domain() MUST NOT call cleanup_domain(), just flagging them
as dead is enough. cleanup_domains() for dead domains is called by
the main loop in handle_io() in a safe way already.
shutdown_domain() calling cleanup_domain() too leads struct domain
being accessed after freeing and to a double-free.
Fixed by simply dropping the cleanup_domain() call and by making the
functions called by the main loop in handle_io() ignore dead domains.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
if (d->xce_handle != -1)
xc_evtchn_close(d->xce_handle);
d->xce_handle = -1;
- cleanup_domain(d);
}
void enum_domains(void)
struct xencons_interface *intf = dom->interface;
XENCONS_RING_IDX prod;
+ if (dom->is_dead)
+ return;
+
len = ring_free_bytes(dom);
if (len == 0)
return;
{
ssize_t len;
+ if (dom->is_dead)
+ return;
+
len = write(dom->tty_fd, dom->buffer.data + dom->buffer.consumed,
dom->buffer.size - dom->buffer.consumed);
if (len < 1) {
{
evtchn_port_or_error_t port;
+ if (dom->is_dead)
+ return;
+
if ((port = xc_evtchn_pending(dom->xce_handle)) == -1)
return;
projects / xen.git / commitdiff