[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 2/2] Fix NULL pointer dereference in ARINC653 free_vdata.

From: Nathan Studer <nate.studer@xxxxxxxxxxxxxxx>

The ARINC653 scheduler alloc_vdata function does not add the
idle cpu to its internal vcpu_list, but when the free_vdata
function is called, the scheduler attempted to remove the vcpu
from its internal vcpu_list, regardless of whether or not
the vcpu was the idle vcpu.  Since the idle vcpu's list field
was never initialized, a NULL pointer was passed to list_del.

When using cpupools, this resulted in a crash when moving a cpu
from an arinc653 scheduler pool.

Signed-off-by: Nathan Studer <nate.studer@xxxxxxxxxxxxxxx>
 xen/common/sched_arinc653.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/common/sched_arinc653.c b/xen/common/sched_arinc653.c
index a1d9443..8a5bd9c 100644
--- a/xen/common/sched_arinc653.c
+++ b/xen/common/sched_arinc653.c
@@ -418,7 +418,9 @@ a653sched_free_vdata(const struct scheduler *ops, void 
     if (av == NULL)
-    list_del(&av->list);
+    if ( !is_idle_vcpu(av->vc) )
+        list_del(&av->list);

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.