xenbits.xensource.com Git - xen.git/commit

author	Jason Andryuk <jandryuk@gmail.com>
	Fri, 1 Apr 2022 14:32:56 +0000 (10:32 -0400)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 1 Apr 2022 16:01:57 +0000 (17:01 +0100)
commit	d2ecf97f911fc00a85b34b70ca311b5d355a9756
tree	71bc4e18abee4da66fe5bfe3dbba782ea0737f0f	tree
parent	e7cfcdc6719d586eb7cdb62d40275a7d17fe6760	commit \| diff

libxl: Don't segfault on soft-reset failure

If domain_soft_reset_cb can't rename the save file, it doesn't call
initiate_domain_create() and calls domcreate_complete().

Skipping initiate_domain_create() means dcs->console_wait is
uninitialized and all 0s.

We have:
  domcreate_complete()
    libxl__xswait_stop()
      libxl__ev_xswatch_deregister().

The uninitialized slotnum 0 is considered valid (-1 is the invalid
sentinel), so the NULL pointer path to passed to xs_unwatch() which
segfaults.

libxl__ev_xswatch_deregister:watch w=0x12bc250 wpath=(null) token=0/0: deregister slotnum=0

Move dcs->console_xswait initialization into the callers of
initiate_domain_create, do_domain_create() and do_domain_soft_reset(),
so it is initialized along with the other dcs state.

Fixes: c57e6ebd8c3e ("(lib)xl: soft reset support")
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>