Re: [PATCH 1/4] dt-overlay: Fix NULL pointer dereference
On Thu, 19 Sep 2024, Michal Orzel wrote: > Attempt to attach an overlay (xl dt-overlay attach) to a domain without > first adding this overlay to Xen (xl dt-overlay add) results in an > overlay track entry being NULL in handle_attach_overlay_nodes(). This > leads to NULL pointer dereference and the following data abort crash: > > (XEN) Cannot find any matching tracker with input dtbo. Operation is > supported only for prior added dtbo. > (XEN) Data Abort Trap. Syndrome=0x5 > (XEN) Walking Hypervisor VA 0x40 on CPU0 via TTBR 0x0000000046948000 > (XEN) 0TH[0x000] = 0x46940f7f > (XEN) 1ST[0x000] = 0x0 > (XEN) CPU0: Unexpected Trap: Data Abort > (XEN) ----[ Xen-4.20-unstable arm64 debug=y Not tainted ]---- > ... > (XEN) Xen call trace: > (XEN) [<00000a0000208b30>] dt_overlay_domctl+0x304/0x370 (PC) > (XEN) [<00000a0000208b30>] dt_overlay_domctl+0x304/0x370 (LR) > (XEN) [<00000a0000274b7c>] arch_do_domctl+0x48/0x328 > > Fixes: 4c733873b5c2 ("xen/arm: Add XEN_DOMCTL_dt_overlay and device > attachment to domains") > Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx> Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> > --- > xen/common/dt-overlay.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/xen/common/dt-overlay.c b/xen/common/dt-overlay.c > index d53b4706cd2f..8606b14d1e8e 100644 > --- a/xen/common/dt-overlay.c > +++ b/xen/common/dt-overlay.c > @@ -908,8 +908,11 @@ static long handle_attach_overlay_nodes(struct domain *d, > out: > spin_unlock(&overlay_lock); > > - rangeset_destroy(entry->irq_ranges); > - rangeset_destroy(entry->iomem_ranges); > + if ( entry ) > + { > + rangeset_destroy(entry->irq_ranges); > + rangeset_destroy(entry->iomem_ranges); > + } > > return rc; > } > -- > 2.37.6 >
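Review bot: In the out: path of handle_attach_overlay_nodes(), the new if ( entry ) check and the reads of entry->irq_ranges and entry->iomem_ranges still come after spin_unlock(&overlay_lock), so the entry is touched without the lock held. If overlay_lock is what protects tracker entries against a concurrent remove, consider moving the guarded rangeset_destroy() calls above the spin_unlock(), or state in the commit message why unlocked access is safe here. The guard also relies on entry being NULL when no tracker matches; its initialisation is outside this hunk, so it is worth confirming that it is declared as NULL and not left uninitialised on the not-found path.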