diff options
author | Keir Fraser <keir.fraser@citrix.com> | 2010-02-10 09:18:43 +0000 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2010-02-10 09:18:43 +0000 |
commit | b14339379a571840ce040fce563580c09fb0a1f5 (patch) | |
tree | 556719b9ddc32870730ea8657fda6ddcfba67203 /xen/common/tmem_xen.c | |
parent | 948593955a433efb249034849be0313e34acfbfa (diff) | |
download | xen-b14339379a571840ce040fce563580c09fb0a1f5.tar.gz xen-b14339379a571840ce040fce563580c09fb0a1f5.tar.bz2 xen-b14339379a571840ce040fce563580c09fb0a1f5.zip |
Fix domain reference leaks
Besides two unlikely/rarely hit ones in x86 code, the main offender
was tmh_client_from_cli_id(), which didn't even have a counterpart
(albeit it had a comment correctly saying that it causes d->refcnt to
get incremented). Unfortunately(?) this required a bit of code
restructuring (as I needed to change the code anyway, I also fixed
a couple os missing bounds checks which would sooner or later be
reported as security vulnerabilities), so I would hope Dan could give
it his blessing before it gets applied.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Diffstat (limited to 'xen/common/tmem_xen.c')
-rw-r--r-- | xen/common/tmem_xen.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/xen/common/tmem_xen.c b/xen/common/tmem_xen.c index 950c9c03da..b0d572a4ff 100644 --- a/xen/common/tmem_xen.c +++ b/xen/common/tmem_xen.c @@ -286,17 +286,16 @@ static void tmh_persistent_pool_page_put(void *page_va) /****************** XEN-SPECIFIC CLIENT HANDLING ********************/ -EXPORT tmh_client_t *tmh_client_init(void) +EXPORT tmh_client_t *tmh_client_init(cli_id_t cli_id) { tmh_client_t *tmh; char name[5]; - domid_t domid = current->domain->domain_id; int i, shift; if ( (tmh = xmalloc(tmh_client_t)) == NULL ) return NULL; for (i = 0, shift = 12; i < 4; shift -=4, i++) - name[i] = (((unsigned short)domid >> shift) & 0xf) + '0'; + name[i] = (((unsigned short)cli_id >> shift) & 0xf) + '0'; name[4] = '\0'; #ifndef __i386__ tmh->persistent_pool = xmem_pool_create(name, tmh_persistent_pool_page_get, @@ -307,7 +306,6 @@ EXPORT tmh_client_t *tmh_client_init(void) return NULL; } #endif - tmh->domain = current->domain; return tmh; } @@ -317,6 +315,7 @@ EXPORT void tmh_client_destroy(tmh_client_t *tmh) xmem_pool_destroy(tmh->persistent_pool); #endif put_domain(tmh->domain); + tmh->domain = NULL; } /****************** XEN-SPECIFIC HOST INITIALIZATION ********************/ |