|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 2/2] Fix NULL pointer dereference in ARINC653 free_vdata.
From: Nathan Studer <nate.studer@xxxxxxxxxxxxxxx>
The ARINC653 scheduler alloc_vdata function does not add the
idle cpu to its internal vcpu_list, but when the free_vdata
function is called, the scheduler attempted to remove the vcpu
from its internal vcpu_list, regardless of whether or not
the vcpu was the idle vcpu. Since the idle vcpu's list field
was never initialized, a NULL pointer was passed to list_del.
When using cpupools, this resulted in a crash when moving a cpu
from an arinc653 scheduler pool.
Signed-off-by: Nathan Studer <nate.studer@xxxxxxxxxxxxxxx>
---
xen/common/sched_arinc653.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/xen/common/sched_arinc653.c b/xen/common/sched_arinc653.c
index a1d9443..8a5bd9c 100644
--- a/xen/common/sched_arinc653.c
+++ b/xen/common/sched_arinc653.c
@@ -418,7 +418,9 @@ a653sched_free_vdata(const struct scheduler *ops, void
*priv)
if (av == NULL)
return;
- list_del(&av->list);
+ if ( !is_idle_vcpu(av->vc) )
+ list_del(&av->list);
+
xfree(av);
update_schedule_vcpus(ops);
}
--
1.7.9.5
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |