authorKeir Fraser <keir.fraser@citrix.com>2010-02-10 09:18:43 +0000
committerKeir Fraser <keir.fraser@citrix.com>2010-02-10 09:18:43 +0000
commitb14339379a571840ce040fce563580c09fb0a1f5 (patch)
tree556719b9ddc32870730ea8657fda6ddcfba67203 /xen/include/xen/tmem_xen.h
parent948593955a433efb249034849be0313e34acfbfa (diff)
Fix domain reference leaks
Besides two unlikely/rarely hit ones in x86 code, the main offender was tmh_client_from_cli_id(), which didn't even have a counterpart (albeit it had a comment correctly saying that it causes d->refcnt to get incremented). Unfortunately(?) this required a bit of code restructuring (as I needed to change the code anyway, I also fixed a couple of missing bounds checks which would sooner or later be reported as security vulnerabilities), so I would hope Dan could give it his blessing before it gets applied. Signed-off-by: Jan Beulich <jbeulich@novell.com>
Diffstat (limited to 'xen/include/xen/tmem_xen.h')
-rw-r--r--xen/include/xen/tmem_xen.h14
1 files changed, 11 insertions, 3 deletions
diff --git a/xen/include/xen/tmem_xen.h b/xen/include/xen/tmem_xen.h
index 394251dfef..56be37e950 100644
--- a/xen/include/xen/tmem_xen.h
+++ b/xen/include/xen/tmem_xen.h
@@ -43,8 +43,6 @@ extern rwlock_t tmem_rwlock;
extern void tmh_copy_page(char *to, char*from);
extern int tmh_init(void);
-extern tmh_client_t *tmh_client_init(void);
-extern void tmh_client_destroy(tmh_client_t *);
#define tmh_hash hash_long
extern void tmh_release_avail_pages_to_host(void);
@@ -281,6 +279,9 @@ typedef domid_t cli_id_t;
typedef struct domain tmh_cli_ptr_t;
typedef struct page_info pfp_t;
+extern tmh_client_t *tmh_client_init(cli_id_t);
+extern void tmh_client_destroy(tmh_client_t *);
+
/* this appears to be unreliable when a domain is being shut down */
static inline struct client *tmh_client_from_cli_id(cli_id_t cli_id)
{
@@ -290,6 +291,11 @@ static inline struct client *tmh_client_from_cli_id(cli_id_t cli_id)
return (struct client *)(d->tmem);
}
+static inline void tmh_client_put(tmh_client_t *tmh)
+{
+ put_domain(tmh->domain);
+}
+
static inline struct client *tmh_client_from_current(void)
{
return (struct client *)(current->domain->tmem);
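Review bot: tmh_client_put() has no comment saying which lookup it pairs with, and the two lookups beside it differ: per the commit description tmh_client_from_cli_id() takes a domain reference, while tmh_client_from_current() visibly returns `current->domain->tmem` without taking one. A put on a client obtained from the latter would drop a reference nobody took and could let the domain be freed while still in use, so I would add above the helper `/* Releases the domain reference taken by tmh_client_from_cli_id(); never call this for a client from tmh_client_from_current(). */`. The body of tmh_client_from_cli_id() starts outside this hunk, so I cannot see whether it can return NULL while still holding the reference when `d->tmem` is unset; if it can, the caller has nothing to pass to the put and the leak this commit targets would remain on that path.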
@@ -307,10 +313,12 @@ static inline tmh_cli_ptr_t *tmh_get_cli_ptr_from_current(void)
return current->domain;
}
-static inline void tmh_set_client_from_id(struct client *client,cli_id_t cli_id)
+static inline void tmh_set_client_from_id(struct client *client,
+ tmh_client_t *tmh, cli_id_t cli_id)
{
struct domain *d = get_domain_by_id(cli_id);
d->tmem = client;
+ tmh->domain = d;
}
static inline bool_t tmh_current_is_privileged(void)
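Review bot: `d` is dereferenced in tmh_set_client_from_id() without a NULL check, and get_domain_by_id() returns NULL when no domain with that id can be found, for instance one torn down before this call runs. Because the function returns void the caller cannot learn of the failure, so I would make it return `bool_t`, start the body with `if ( d == NULL ) return 0;` and end it with `return 1;`. The reference taken here is now kept in `tmh->domain`, and its release is not visible in this file's hunks; a one-line comment naming the function that drops it (presumably tmh_client_destroy()) would keep the get/put pairing auditable.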