diff options
author | Keir Fraser <keir.fraser@citrix.com> | 2010-02-10 09:18:43 +0000 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2010-02-10 09:18:43 +0000 |
commit | b14339379a571840ce040fce563580c09fb0a1f5 (patch) | |
tree | 556719b9ddc32870730ea8657fda6ddcfba67203 /xen/arch/x86/debug.c | |
parent | 948593955a433efb249034849be0313e34acfbfa (diff) | |
download | xen-b14339379a571840ce040fce563580c09fb0a1f5.tar.gz xen-b14339379a571840ce040fce563580c09fb0a1f5.tar.bz2 xen-b14339379a571840ce040fce563580c09fb0a1f5.zip |
Fix domain reference leaks
Besides two unlikely/rarely hit ones in x86 code, the main offender
was tmh_client_from_cli_id(), which didn't even have a counterpart
(albeit it had a comment correctly saying that it causes d->refcnt to
get incremented). Unfortunately(?) this required a bit of code
restructuring (as I needed to change the code anyway, I also fixed
a couple os missing bounds checks which would sooner or later be
reported as security vulnerabilities), so I would hope Dan could give
it his blessing before it gets applied.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Diffstat (limited to 'xen/arch/x86/debug.c')
-rw-r--r-- | xen/arch/x86/debug.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c index 51193dd40b..98134b3b67 100644 --- a/xen/arch/x86/debug.c +++ b/xen/arch/x86/debug.c @@ -252,10 +252,11 @@ dbg_rw_mem(dbgva_t addr, dbgbyte_t *buf, int len, domid_t domid, int toaddr, else len = __copy_from_user(buf, (void *)addr, len); } - else + else if ( dp ) { - if ( dp && !dp->is_dying ) /* make sure guest is still there */ + if ( !dp->is_dying ) /* make sure guest is still there */ len= dbg_rw_guest_mem(addr, buf, len, dp, toaddr, pgd3); + put_domain(dp); } DBGP2("gmem:exit:len:$%d\n", len); |