|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH] xen/events: avoid NULL pointer dereference in evtchn_from_irq()
On 21.05.20 23:57, Boris Ostrovsky wrote: On 5/21/20 2:46 PM, Marek Marczykowski-Górecki wrote:On Thu, May 21, 2020 at 01:22:03PM -0400, Boris Ostrovsky wrote:On 3/19/20 3:14 AM, Juergen Gross wrote:There have been reports of races in evtchn_from_irq() where the info pointer has been NULL. Avoid that case by testing info before dereferencing it. In order to avoid accessing a just freed info structure do the kfree() via kfree_rcu().Looks like noone ever responded to this. This change looks fine but is there a background on the problem? I looked in the archives and didn't find the relevant discussion.Here is the original bug report: https://xen.markmail.org/thread/44apwkwzeme4uavoThanks. Do we know what the race is? Is it because an event is being delivered from a dying guest who is in the process of tearing down event channels? Missing synchronization between event channel (de-)allocation and handling. I have a patch sitting here, just didn't have the time to do some proper testing and sending it out. Juergen
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |