[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/events: avoid NULL pointer dereference in evtchn_from_irq()

On 21.05.20 23:57, Boris Ostrovsky wrote:
On 5/21/20 2:46 PM, Marek Marczykowski-Górecki wrote:
On Thu, May 21, 2020 at 01:22:03PM -0400, Boris Ostrovsky wrote:
On 3/19/20 3:14 AM, Juergen Gross wrote:
There have been reports of races in evtchn_from_irq() where the info
pointer has been NULL.

Avoid that case by testing info before dereferencing it.

In order to avoid accessing a just freed info structure do the kfree()
via kfree_rcu().

Looks like noone ever responded to this.

This change looks fine but is there a background on the problem? I
looked in the archives and didn't find the relevant discussion.
Here is the original bug report:

Thanks. Do we know what the race is? Is it because an event is being
delivered from a dying guest who is in the process of tearing down event

Missing synchronization between event channel (de-)allocation and

I have a patch sitting here, just didn't have the time to do some proper
testing and sending it out.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.