
[Xen-devel] [PATCH] tools/xenstore: domain can sometimes disappear when destroying connection



There is a circular link formed between domain and a connection. In certain
circumstances, when conn is freed, domain is also freed, which leads to use
after free when trying to set the conn field in domain to null.

Signed-off-by: Petre Eftime <epetre@xxxxxxxxxx>
---
 tools/xenstore/xenstored_domain.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/xenstore/xenstored_domain.c 
b/tools/xenstore/xenstored_domain.c
index fa6655033a..f085d40476 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -222,6 +222,7 @@ static void domain_cleanup(void)
 {
        xc_dominfo_t dominfo;
        struct domain *domain;
+       struct connection *tmp_conn;
        int notify = 0;
 
  again:
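
Review bot: `tmp_conn` is declared at the top of `domain_cleanup()`, which gives function-wide scope to a temporary that is only needed around the `talloc_unlink()` call. Declaring it inside the `if (domain->conn)` block would keep the saved pointer from being reused later, after the connection it points to has been unlinked.
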
@@ -238,8 +239,14 @@ static void domain_cleanup(void)
                                continue;
                }
                if (domain->conn) {
-                       talloc_unlink(talloc_autofree_context(), domain->conn);
+                       /*
+                        * In certain circumstances conn owns domain and
+                        * domain will be freed when conn is unlinked.
+                        */
+                       tmp_conn = domain->conn;
                        domain->conn = NULL;
+
+                       talloc_unlink(talloc_autofree_context(), tmp_conn);
                        notify = 0; /* destroy_domain() fires the watch */
                        goto again;
                }
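
Review bot: the comment in the `if (domain->conn)` block says "in certain circumstances" without naming them, and it does not state the rule the reordering depends on: `domain` must not be dereferenced once `talloc_unlink()` has been called. Suggest naming the case in which conn owns domain and adding that invariant to the comment, so a later change does not place a `domain->` access between the unlink and `goto again`.
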
-- 
2.16.5



