[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.17] tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom()

commit 587823eca162d063027faf1826ec3544f0a06e78
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Feb 1 11:27:42 2023 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Feb 9 15:55:25 2023 +0000

    tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom()
    
    All caml_alloc_*() functions can throw exceptions, and longjump out of
    context.  If this happens, we leak the xch/xce handle.
    
    Reorder the logic to allocate the the Ocaml object first.
    
    Fixes: 8b3c06a3e545 ("tools/ocaml/xenctrl: OCaml 5 support, fix 
use-after-free")
    Fixes: 22d5affdf0ce ("tools/ocaml/evtchn: OCaml 5 support, fix potential 
resource leak")
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Christian Lindig <christian.lindig@xxxxxxxxxx>
    (cherry picked from commit d69ccf52ad467ccc22029172a8e61dc621187889)
---
 tools/ocaml/libs/eventchn/xeneventchn_stubs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c 
b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c
index d7881ca95f..de2fc29292 100644
--- a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c
+++ b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c
@@ -63,6 +63,8 @@ CAMLprim value stub_eventchn_init(value cloexec)
        if ( !Bool_val(cloexec) )
                flags |= XENEVTCHN_NO_CLOEXEC;
 
+       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
+
        caml_enter_blocking_section();
        xce = xenevtchn_open(NULL, flags);
        caml_leave_blocking_section();
@@ -70,7 +72,6 @@ CAMLprim value stub_eventchn_init(value cloexec)
        if (xce == NULL)
                caml_failwith("open failed");
 
-       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
        *(xenevtchn_handle **)Data_custom_val(result) = xce;
 
        CAMLreturn(result);
@@ -82,6 +83,8 @@ CAMLprim value stub_eventchn_fdopen(value fdval)
        CAMLlocal1(result);
        xenevtchn_handle *xce;
 
+       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
+
        caml_enter_blocking_section();
        xce = xenevtchn_fdopen(NULL, Int_val(fdval), 0);
        caml_leave_blocking_section();
@@ -89,7 +92,6 @@ CAMLprim value stub_eventchn_fdopen(value fdval)
        if (xce == NULL)
                caml_failwith("evtchn fdopen failed");
 
-       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
        *(xenevtchn_handle **)Data_custom_val(result) = xce;
 
        CAMLreturn(result);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.17

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.