debuggers.hg

diff xen/include/xen/tmem_xen.h @ 20964:a3fa6d444b25

Fix domain reference leaks

Besides two unlikely/rarely hit ones in x86 code, the main offender
was tmh_client_from_cli_id(), which didn't even have a counterpart
(albeit it had a comment correctly saying that it causes d->refcnt to
get incremented). Unfortunately(?) this required a bit of code
restructuring (as I needed to change the code anyway, I also fixed
a couple of missing bounds checks which would sooner or later be
reported as security vulnerabilities), so I would hope Dan could give
it his blessing before it gets applied.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Feb 10 09:18:43 2010 +0000 (2010-02-10)
parents 277bfc2d47b1
children 61372a4f4e76
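--- a/xen/include/xen/tmem_xen.h	Wed Feb 10 09:18:11 2010 +0000
+++ b/xen/include/xen/tmem_xen.h	Wed Feb 10 09:18:43 2010 +0000
@@ -43,8 +43,6 @@ extern rwlock_t tmem_rwlock;
 
 extern void tmh_copy_page(char *to, char*from);
 extern int tmh_init(void);
-extern tmh_client_t *tmh_client_init(void);
-extern void tmh_client_destroy(tmh_client_t *);
 #define tmh_hash hash_long
 
 extern void tmh_release_avail_pages_to_host(void);
@@ -281,6 +279,9 @@ typedef domid_t cli_id_t;
 typedef struct domain tmh_cli_ptr_t;
 typedef struct page_info pfp_t;
 
+extern tmh_client_t *tmh_client_init(cli_id_t);
+extern void tmh_client_destroy(tmh_client_t *);
+
 /* this appears to be unreliable when a domain is being shut down */
 static inline struct client *tmh_client_from_cli_id(cli_id_t cli_id)
 {
@@ -290,6 +291,11 @@ static inline struct client *tmh_client_
     return (struct client *)(d->tmem);
 }
 
+static inline void tmh_client_put(tmh_client_t *tmh)
+{
+    put_domain(tmh->domain);
+}
+
 static inline struct client *tmh_client_from_current(void)
 {
     return (struct client *)(current->domain->tmem);
@@ -307,10 +313,12 @@ static inline tmh_cli_ptr_t *tmh_get_cli
     return current->domain;
 }
 
-static inline void tmh_set_client_from_id(struct client *client,cli_id_t cli_id)
+static inline void tmh_set_client_from_id(struct client *client,
+                                          tmh_client_t *tmh, cli_id_t cli_id)
 {
     struct domain *d = get_domain_by_id(cli_id);
     d->tmem = client;
+    tmh->domain = d;
 }
 
 static inline bool_t tmh_current_is_privileged(void)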
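Review bot: In the last hunk, tmh_set_client_from_id() still dereferences the result of get_domain_by_id() without a NULL check, and the added `tmh->domain = d;` now stores that pointer as the reference tmh_client_put() later passes to put_domain(). get_domain_by_id() returns NULL when no domain with that id can be referenced, and since tmh_client_init() now takes a cli_id_t the id presumably need not be the caller's own, so a failed lookup looks reachable and would fault inside the hypervisor. Consider reporting failure instead of returning void, e.g. change the return type to `bool_t` and add `if ( d == NULL ) return 0;` before `d->tmem = client;`, so the caller can abort client creation. A short comment on tmh_client_put(), such as `/* drops the domain reference held in tmh->domain */`, would also document the ownership rule; the body of tmh_client_from_cli_id() is only partly visible here, so how its reference is paired with tmh_client_put() is inferred from the commit message rather than from the hunk.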