From 6e97c4b37386c2d09e09e9b5d5d232e37728b960 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Thu, 29 Oct 2015 13:36:52 +0100
Subject: [PATCH] xenoprof: free domain's vcpu array

This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
guest").

This is CVE-2015-7969 / XSA-151.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
---
 xen/common/xenoprof.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index 1061323ea0..53a803a551 100644
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -239,6 +239,7 @@ static int alloc_xenoprof_struct(
     d->xenoprof->rawbuf = alloc_xenheap_pages(get_order_from_pages(npages), 0);
     if ( d->xenoprof->rawbuf == NULL )
     {
+        xfree(d->xenoprof->vcpu);
         xfree(d->xenoprof);
         d->xenoprof = NULL;
         return -ENOMEM;
@@ -286,6 +287,7 @@ void free_xenoprof_pages(struct domain *d)
         free_xenheap_pages(x->rawbuf, order);
     }
 
+    xfree(x->vcpu);
     xfree(x);
     d->xenoprof = NULL;
 }
-- 
2.39.5