debuggers.hg
diff xen/arch/x86/debug.c @ 20964:a3fa6d444b25
Fix domain reference leaks
Besides two unlikely/rarely hit ones in x86 code, the main offender
was tmh_client_from_cli_id(), which didn't even have a counterpart
(albeit it had a comment correctly saying that it causes d->refcnt to
get incremented). Unfortunately(?) this required a bit of code
restructuring (as I needed to change the code anyway, I also fixed
a couple of missing bounds checks which would sooner or later be
reported as security vulnerabilities), so I would hope Dan could give
it his blessing before it gets applied.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Wed Feb 10 09:18:43 2010 +0000 (2010-02-10) |
parents | de04fe4e472c |
children | e7afe98afd43 |
line diff
1.1 --- a/xen/arch/x86/debug.c Wed Feb 10 09:18:11 2010 +0000 1.2 +++ b/xen/arch/x86/debug.c Wed Feb 10 09:18:43 2010 +0000 1.3 @@ -252,10 +252,11 @@ dbg_rw_mem(dbgva_t addr, dbgbyte_t *buf, 1.4 else 1.5 len = __copy_from_user(buf, (void *)addr, len); 1.6 } 1.7 - else 1.8 + else if ( dp ) 1.9 { 1.10 - if ( dp && !dp->is_dying ) /* make sure guest is still there */ 1.11 + if ( !dp->is_dying ) /* make sure guest is still there */ 1.12 len= dbg_rw_guest_mem(addr, buf, len, dp, toaddr, pgd3); 1.13 + put_domain(dp); 1.14 } 1.15 1.16 DBGP2("gmem:exit:len:$%d\n", len);
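Review bot: the put_domain(dp) added at 1.13 releases the reference only on the `else if ( dp )` path, and the branch above it (the one ending in `__copy_from_user(buf, (void *)addr, len)`) has no matching put in the visible lines. If dp can be non-NULL when that first branch is taken, the reference still leaks there. Either note in a comment why dp is always NULL on that path, or move the release below the if/else as `if ( dp ) put_domain(dp);` so every exit drops it. Also worth checking: when dp is NULL or dp->is_dying is set, nothing assigns len, so it keeps its incoming value going into the DBGP2 trace; confirm callers treat that as the failure case. Minor style point at 1.12: `len= dbg_rw_guest_mem(...)` is missing the space before `=`.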