debuggers.hg

diff xen/arch/x86/debug.c @ 20964:a3fa6d444b25

Fix domain reference leaks

Besides two unlikely/rarely hit ones in x86 code, the main offender
was tmh_client_from_cli_id(), which didn't even have a counterpart
(albeit it had a comment correctly saying that it causes d->refcnt to
get incremented). Unfortunately(?) this required a bit of code
restructuring (as I needed to change the code anyway, I also fixed
a couple of missing bounds checks which would sooner or later be
reported as security vulnerabilities), so I would hope Dan could give
it his blessing before it gets applied.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Feb 10 09:18:43 2010 +0000 (2010-02-10)
parents de04fe4e472c
children e7afe98afd43
line diff
     1.1 --- a/xen/arch/x86/debug.c	Wed Feb 10 09:18:11 2010 +0000
     1.2 +++ b/xen/arch/x86/debug.c	Wed Feb 10 09:18:43 2010 +0000
     1.3 @@ -252,10 +252,11 @@ dbg_rw_mem(dbgva_t addr, dbgbyte_t *buf,
     1.4          else
     1.5              len = __copy_from_user(buf, (void *)addr, len);
     1.6      }
     1.7 -    else
     1.8 +    else if ( dp )
     1.9      {
    1.10 -        if ( dp && !dp->is_dying )   /* make sure guest is still there */
    1.11 +        if ( !dp->is_dying )   /* make sure guest is still there */
    1.12              len= dbg_rw_guest_mem(addr, buf, len, dp, toaddr, pgd3);
    1.13 +        put_domain(dp);
    1.14      }
    1.15  
    1.16      DBGP2("gmem:exit:len:$%d\n", len);
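
Review bot: The `put_domain(dp)` added at the end of the `else if ( dp )` block has no visible counterpart in this hunk, so a short comment naming the lookup that took the reference would make the pairing checkable. It is also worth confirming that dp is only obtained on this branch: if the lookup can run before the `__copy_from_user()` path shown above, that path would still leave the reference held. When dp is NULL or the domain is dying, len is left at its input value; since the branch above assigns len from `__copy_from_user()`, a one-line comment stating that an unchanged len means nothing was transferred would help callers. As a style point, the unchanged line `len= dbg_rw_guest_mem(...)` is missing a space before `=` and could be tidied while these lines are being touched.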