debuggers.hg
diff xen/include/xen/tmem_xen.h @ 20964:a3fa6d444b25
Fix domain reference leaks
Besides two unlikely/rarely hit ones in x86 code, the main offender
was tmh_client_from_cli_id(), which didn't even have a counterpart
(albeit it had a comment correctly saying that it causes d->refcnt to
get incremented). Unfortunately(?) this required a bit of code
restructuring (as I needed to change the code anyway, I also fixed
a couple of missing bounds checks which would sooner or later be
reported as security vulnerabilities), so I would hope Dan could give
it his blessing before it gets applied.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Wed Feb 10 09:18:43 2010 +0000 (2010-02-10) |
parents | 277bfc2d47b1 |
children | 61372a4f4e76 |
line diff
1.1 --- a/xen/include/xen/tmem_xen.h Wed Feb 10 09:18:11 2010 +0000 1.2 +++ b/xen/include/xen/tmem_xen.h Wed Feb 10 09:18:43 2010 +0000 1.3 @@ -43,8 +43,6 @@ extern rwlock_t tmem_rwlock; 1.4 1.5 extern void tmh_copy_page(char *to, char*from); 1.6 extern int tmh_init(void); 1.7 -extern tmh_client_t *tmh_client_init(void); 1.8 -extern void tmh_client_destroy(tmh_client_t *); 1.9 #define tmh_hash hash_long 1.10 1.11 extern void tmh_release_avail_pages_to_host(void); 1.12 @@ -281,6 +279,9 @@ typedef domid_t cli_id_t; 1.13 typedef struct domain tmh_cli_ptr_t; 1.14 typedef struct page_info pfp_t; 1.15 1.16 +extern tmh_client_t *tmh_client_init(cli_id_t); 1.17 +extern void tmh_client_destroy(tmh_client_t *); 1.18 + 1.19 /* this appears to be unreliable when a domain is being shut down */ 1.20 static inline struct client *tmh_client_from_cli_id(cli_id_t cli_id) 1.21 { 1.22 @@ -290,6 +291,11 @@ static inline struct client *tmh_client_ 1.23 return (struct client *)(d->tmem); 1.24 } 1.25 1.26 +static inline void tmh_client_put(tmh_client_t *tmh) 1.27 +{ 1.28 + put_domain(tmh->domain); 1.29 +} 1.30 + 1.31 static inline struct client *tmh_client_from_current(void) 1.32 { 1.33 return (struct client *)(current->domain->tmem); 1.34 @@ -307,10 +313,12 @@ static inline tmh_cli_ptr_t *tmh_get_cli 1.35 return current->domain; 1.36 } 1.37 1.38 -static inline void tmh_set_client_from_id(struct client *client,cli_id_t cli_id) 1.39 +static inline void tmh_set_client_from_id(struct client *client, 1.40 + tmh_client_t *tmh, cli_id_t cli_id) 1.41 { 1.42 struct domain *d = get_domain_by_id(cli_id); 1.43 d->tmem = client; 1.44 + tmh->domain = d; 1.45 } 1.46 1.47 static inline bool_t tmh_current_is_privileged(void)
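Review bot: In the hunk at @@ -290,6 +291,11 @@, tmh_client_put() takes a tmh_client_t * while the lookup it is meant to balance, tmh_client_from_cli_id(), returns a struct client *, so the get/put pairing is not evident from the header alone. Add a comment on tmh_client_from_cli_id() stating that every successful call must be balanced by tmh_client_put(), and revisit the existing comment "this appears to be unreliable when a domain is being shut down" if holding the reference changes that. tmh_client_put() also dereferences tmh unconditionally in `put_domain(tmh->domain);`, so state whether callers may ever pass NULL.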
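Review bot: In tmh_set_client_from_id() (hunk at @@ -307,10 +313,12 @@), the result of get_domain_by_id(cli_id) is used by both `d->tmem = client;` and the new `tmh->domain = d;` without a NULL check, and the function returns void, so a failed lookup cannot be reported to the caller. Check d before dereferencing it and return a status the caller can act on. The reference taken by get_domain_by_id() is now retained in tmh->domain; a comment naming where it is dropped (presumably tmh_client_destroy(), which is not visible in this file's diff) would make the ownership explicit.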