
Re: [Xen-devel] [Patch] x86/mm: Prevent leaking domain mappings in paging_log_dirty_op()



>>> On 10.12.13 at 14:53, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> Coverity ID: 1135374 1135375 1135376 1135377
> 
> If {copy_to,clear}_guest_offset() fails, we would leak the domain mappings for
> l4 thru l1.
> 
> Fixing this requires having conditional unmaps on the faulting path, which in
> turn requires explicitly initialising the pointers to NULL because of the
> early ENOMEM exit.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

with a minor comment:

> @@ -432,6 +432,15 @@ int paging_log_dirty_op(struct domain *d, struct 
> xen_domctl_shadow_op *sc)
>      return rv;
>  
>   out:
> +    if ( l1 )
> +        unmap_domain_page(l1);
> +    if ( l2 )
> +        unmap_domain_page(l2);
> +    if ( l3 )
> +        unmap_domain_page(l3);
> +    if ( l4 )
> +        unmap_domain_page(l4);
> +
>      paging_unlock(d);
>      domain_unpause(d);
>      return rv;
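
Review bot: the `if ( l1 )` through `if ( l4 )` guards added at `out:` are only correct if each pointer is NULL whenever it holds no live mapping, and the quoted hunk does not show the places where the pointers are assigned or unmapped on the normal path. Since `return rv;` sits directly above the label, the success path releases its mappings elsewhere; any of those unmap sites that can later be followed by a jump to `out:` needs to reset its pointer to NULL, otherwise the same page would be unmapped twice here. It would help to have a one-line comment at `out:` stating that invariant, so a later change to the loop does not break it silently.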

While on an error path, it would nevertheless seem better to do the
unmaps after the unlock/unpause.

Jan

