
[PATCH] tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom()


  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 1 Feb 2023 13:29:24 +0000
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Edwin Török <edwin.torok@xxxxxxxxx>, Rob Hoes <Rob.Hoes@xxxxxxxxxx>
  • Delivery-date: Wed, 01 Feb 2023 13:29:58 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

All caml_alloc_*() functions can throw exceptions, and longjump out of
context.  If this happens, we leak the xch/xce handle.

Reorder the logic to allocate the OCaml object first.

Fixes: 8b3c06a3e545 ("tools/ocaml/xenctrl: OCaml 5 support, fix use-after-free")
Fixes: 22d5affdf0ce ("tools/ocaml/evtchn: OCaml 5 support, fix potential resource leak")
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Christian Lindig <christian.lindig@xxxxxxxxxx>
CC: David Scott <dave@xxxxxxxxxx>
CC: Edwin Török <edwin.torok@xxxxxxxxx>
CC: Rob Hoes <Rob.Hoes@xxxxxxxxxx>
---
 tools/ocaml/libs/eventchn/xeneventchn_stubs.c | 6 ++++--
 tools/ocaml/libs/xc/xenctrl_stubs.c           | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c 
b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c
index 34dcfed30275..1980acf405a5 100644
--- a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c
+++ b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c
@@ -63,6 +63,8 @@ CAMLprim value stub_eventchn_init(value cloexec)
        if ( !Bool_val(cloexec) )
                flags |= XENEVTCHN_NO_CLOEXEC;
 
+       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
+
        caml_enter_blocking_section();
        xce = xenevtchn_open(NULL, flags);
        caml_leave_blocking_section();
@@ -70,7 +72,6 @@ CAMLprim value stub_eventchn_init(value cloexec)
        if (xce == NULL)
                caml_failwith("open failed");
 
-       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
        *(xenevtchn_handle **)Data_custom_val(result) = xce;
 
        CAMLreturn(result);
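
Review bot: In stub_eventchn_init, the failure path `if (xce == NULL) caml_failwith("open failed");` now raises after result has been allocated but before `*(xenevtchn_handle **)Data_custom_val(result) = xce;` runs, so the custom block reaches the GC with an unset payload. caml_alloc_custom() does not zero the data area, so if xenevtchn_ops has a finalizer (its definition is not in this diff) it would be handed an indeterminate pointer. Suggest storing NULL into the block right after allocating it and making sure the finalizer tolerates NULL; stub_eventchn_fdopen below has the same window.
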
@@ -82,6 +83,8 @@ CAMLprim value stub_eventchn_fdopen(value fdval)
        CAMLlocal1(result);
        xenevtchn_handle *xce;
 
+       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
+
        caml_enter_blocking_section();
        xce = xenevtchn_fdopen(NULL, Int_val(fdval), 0);
        caml_leave_blocking_section();
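
Review bot: The added caml_alloc_custom() call at the top of stub_eventchn_fdopen has no comment saying why it precedes xenevtchn_fdopen(). The ordering is the whole fix (the allocation can raise, so it has to happen before a handle exists to leak), and without a one-line comment at each of the three call sites a later tidy-up could move the allocation back next to the store.
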
@@ -89,7 +92,6 @@ CAMLprim value stub_eventchn_fdopen(value fdval)
        if (xce == NULL)
                caml_failwith("evtchn fdopen failed");
 
-       result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1);
        *(xenevtchn_handle **)Data_custom_val(result) = xce;
 
        CAMLreturn(result);
diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c 
b/tools/ocaml/libs/xc/xenctrl_stubs.c
index f9006c662382..ed1cbafdb488 100644
--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
@@ -98,6 +98,8 @@ CAMLprim value stub_xc_interface_open(value unit)
        CAMLlocal1(result);
        xc_interface *xch;
 
+       result = caml_alloc_custom(&xenctrl_ops, sizeof(xch), 0, 1);
+
        caml_enter_blocking_section();
        xch = xc_interface_open(NULL, NULL, 0);
        caml_leave_blocking_section();
@@ -105,7 +107,6 @@ CAMLprim value stub_xc_interface_open(value unit)
        if ( !xch )
                failwith_xc(xch);
 
-       result = caml_alloc_custom(&xenctrl_ops, sizeof(xch), 0, 1);
        *(xc_interface **)Data_custom_val(result) = xch;
 
        CAMLreturn(result);
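
Review bot: In stub_xc_interface_open, `if ( !xch ) failwith_xc(xch);` now leaves by exception while result is already allocated and its `xc_interface *` slot has not been written. Whether that is safe depends on the xenctrl_ops finalizer, which this diff does not show. Please either initialise the slot to NULL straight after caml_alloc_custom() and have the finalizer skip a NULL handle, or note in the commit message why no finalizer runs on this block.
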
-- 
2.11.0




 

