thr3ads.net - Xen devel - [Xen-devel] [patch] Fix use-after-free in xenconsoled. [Nov 2007]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Gerd Hoffmann

2007-Nov-01 13:59 UTC

[Xen-devel] [patch] Fix use-after-free in xenconsoled.

Hi,

shutdown_domain() MUST NOT call cleanup_domain(), just flagging them as
dead is enough.  cleanup_domains() for dead domains is called by the
mainloop in handle_io() in a safe way already.

shutdown_domain() calling cleanup_domain() too leads struct domain being
accessed after freeing and to a double-free.

Fixed by simply dropping the cleanup_domain() call and by making the
functions called by the main loop in handle_io() ignore dead domains.

please apply,

  Gerd


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Xen devel - Nov 2007 - [patch] Fix use-after-free in xenconsoled.

[Xen-devel] [patch] Fix use-after-free in xenconsoled.