]> xenbits.xensource.com Git - xen.git/commit
projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a73eb4) | patch
pirq_cleanup_check() leaks
authorJan Beulich <jbeulich@suse.com>
Tue, 2 Jul 2024 06:35:56 +0000 (08:35 +0200)
committerJan Beulich <jbeulich@suse.com>
Tue, 2 Jul 2024 06:35:56 +0000 (08:35 +0200)
commitdaa90dfea9175c07f13d1a2d901857b2dd14d080
treec2de1857bb60c4259f067a868f6791e5ff1b7c8atree
parent4a73eb4c205d6b2d3e44f3f9ec98dc0e44481f7bcommit | diff
pirq_cleanup_check() leaks

Its original introduction had two issues: For one the "common" part of
the checks (carried out in the macro) was inverted. And then after
removal from the radix tree the structure wasn't scheduled for freeing.
(All structures still left in the radix tree would be freed upon domain
destruction, though.)

For the freeing to be safe even if it didn't use RCU (i.e. to avoid use-
after-free), re-arrange checks/operations in evtchn_close(), such that
the pointer wouldn't be used anymore after calling pirq_cleanup_check()
(noting that unmap_domain_pirq_emuirq() itself calls the function in the
success case).

Fixes: c24536b636f2 ("replace d->nr_pirqs sized arrays with radix tree")
Fixes: 79858fee307c ("xen: fix hvm_domain_use_pirq's behavior")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Release-Acked-By: Oleksii Kurochko <oleksii.kurochko@gmail.com>
xen/arch/x86/irq.c diff | blob | blame | history
xen/common/event_channel.c diff | blob | blame | history
xen/include/xen/irq.h diff | blob | blame | history
Xen (staging and unstable) mirror