
Re: [Xen-devel] [PATCH 2/2] Fix NULL pointer dereference in ARINC653 free_vdata.



On 31/10/13 20:47, Nathan Studer wrote:
> From: Nathan Studer <nate.studer@xxxxxxxxxxxxxxx>
>
> The ARINC653 scheduler alloc_vdata function does not add the
> idle cpu to its internal vcpu_list, but when the free_vdata
> function is called, the scheduler attempted to remove the vcpu
> from its internal vcpu_list, regardless of whether or not
> the vcpu was the idle vcpu.  Since the idle vcpu's list field
> was never initialized, a NULL pointer was passed to list_del.
>
> When using cpupools, this resulted in a crash when moving a cpu
> from an arinc653 scheduler pool.
>
> Signed-off-by: Nathan Studer <nate.studer@xxxxxxxxxxxxxxx>

This again looks sane, but can't it logically be merged with the
previous patch?  Both of the patches are "don't break on
{alloc,free}_vdata when using cpupools"

I guess this is a matter of taste.

~Andrew

> ---
>  xen/common/sched_arinc653.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/xen/common/sched_arinc653.c b/xen/common/sched_arinc653.c
> index a1d9443..8a5bd9c 100644
> --- a/xen/common/sched_arinc653.c
> +++ b/xen/common/sched_arinc653.c
> @@ -418,7 +418,9 @@ a653sched_free_vdata(const struct scheduler *ops, void 
> *priv)
>      if (av == NULL)
>          return;
>  
> -    list_del(&av->list);
> +    if ( !is_idle_vcpu(av->vc) )
> +        list_del(&av->list);
> +
>      xfree(av);
>      update_schedule_vcpus(ops);
>  }
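
Review bot: the new is_idle_vcpu(av->vc) guard in front of list_del(&av->list) only stays correct as long as alloc_vdata keeps skipping the list insertion for the idle vcpu, as the commit message describes, and nothing in the code records that coupling. A one-line comment above the check, saying that idle vcpus are never placed on the vcpu_list, would keep the two paths in sync if either one changes. Separately, update_schedule_vcpus(ops) still runs after an idle vcpu is freed even though the list was not modified in that case; it is worth confirming that this is intended, or moving the call under the same condition.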

