xenbits.xensource.com Git - xen.git/commit

author	Jan Beulich <jbeulich@suse.com>
	Tue, 20 Jun 2017 12:37:47 +0000 (14:37 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Tue, 20 Jun 2017 12:37:47 +0000 (14:37 +0200)
commit	e7719a0dfac7a20cb7da5529e09773d8271bb78b
tree	345cf948102026c7161ce9793908a163ea58cb2f	tree
parent	de20bb6c4f65c4161e0931402613f9ffac86302d	commit \| diff

evtchn: avoid NULL derefs

Commit fbbd5009e6 ("evtchn: refactor low-level event channel port ops")
added a de-reference of the struct evtchn pointer for a port without
first making sure the bucket pointer is non-NULL. This de-reference is
actually entirely unnecessary, as all relevant callers (beyond the
problematic do_poll()) already hold the port number in their hands, and
the actual leaf functions need nothing else.

For FIFO event channels there's a second problem in that the ordering
of reads and updates to ->num_evtchns and ->event_array[] was so far
undefined (the read side isn't always holding the domain's event lock).
Add respective barriers.

This is XSA-221.

Reported-by: Ankur Arora <ankur.a.arora@oracle.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/irq.c		diff \| blob \| blame \| history
xen/common/event_2l.c		diff \| blob \| blame \| history
xen/common/event_channel.c		diff \| blob \| blame \| history
xen/common/event_fifo.c		diff \| blob \| blame \| history
xen/common/schedule.c		diff \| blob \| blame \| history
xen/include/xen/event.h		diff \| blob \| blame \| history