[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] xen/dt-overlay: fix rangeset leak and dead code in domctl path

commit ca3f5e85aa4ed8273537b31820e97b94efd667ef
Author:     Michal Orzel <michal.orzel@xxxxxxx>
AuthorDate: Wed Apr 15 13:36:56 2026 +0200
Commit:     Michal Orzel <michal.orzel@xxxxxxx>
CommitDate: Wed Apr 29 07:37:58 2026 +0200

    xen/dt-overlay: fix rangeset leak and dead code in domctl path
    
    handle_attach_overlay_nodes() unconditionally creates new rangesets
    without checking whether they already exist from a prior attach. A
    repeated attach for the same overlay leaks the original pair. Reject the
    operation with -EEXIST if rangesets are already present.
    
    Also, dt_overlay_domctl() early-returns -EOPNOTSUPP for any operation
    other than ATTACH, making the if/else at the bottom unreachable. Remove
    the dead branch.
    
    Fixes: 4c733873b5c2 ("xen/arm: Add XEN_DOMCTL_dt_overlay and device 
attachment to domains")
    Reported-by: Jan Beulich <jbeulich@xxxxxxxx>
    Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
    Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
    Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
 xen/common/device-tree/dt-overlay.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/xen/common/device-tree/dt-overlay.c 
b/xen/common/device-tree/dt-overlay.c
index 6fa07dbf42..3853e6e347 100644
--- a/xen/common/device-tree/dt-overlay.c
+++ b/xen/common/device-tree/dt-overlay.c
@@ -861,6 +861,13 @@ static long handle_attach_overlay_nodes(struct domain *d,
         goto out;
     }
 
+    if ( entry->irq_ranges || entry->iomem_ranges )
+    {
+        printk(XENLOG_ERR "Overlay is already attached\n");
+        spin_unlock(&overlay_lock);
+        return -EEXIST;
+    }
+
     entry->irq_ranges = rangeset_new(d, "Overlays: Interrupts", 0);
     if (entry->irq_ranges == NULL)
     {
@@ -991,10 +998,7 @@ long dt_overlay_domctl(struct domain *d, struct 
xen_domctl_dt_overlay *op)
         return -EFAULT;
     }
 
-    if ( op->overlay_op == XEN_DOMCTL_DT_OVERLAY_ATTACH )
-        ret = handle_attach_overlay_nodes(d, overlay_fdt, 
op->overlay_fdt_size);
-    else
-        ret = -EOPNOTSUPP;
+    ret = handle_attach_overlay_nodes(d, overlay_fdt, op->overlay_fdt_size);
 
     xfree(overlay_fdt);
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.