From patchwork Fri Jul 25 14:17:26 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 34282
Return-Path: <patchwork-forward+bncBCI3N6FH3YJRBBWPZGPAKGQEZYQM6AA@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-pa0-f72.google.com (mail-pa0-f72.google.com
 [209.85.220.72])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 673DB235AB
 for <linaro@patches.linaro.org>; Fri, 25 Jul 2014 14:19:51 +0000 (UTC)
Received: by mail-pa0-f72.google.com with SMTP id eu11sf29315071pac.3
 for <linaro@patches.linaro.org>; Fri, 25 Jul 2014 07:19:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:date:message-id:cc:subject
 :precedence:list-id:list-unsubscribe:list-post:list-help
 :list-subscribe:mime-version:sender:errors-to:x-original-sender
 :x-original-authentication-results:mailing-list:list-archive
 :content-type:content-transfer-encoding;
 bh=gaFgMBaq8Qp/0z+kNQ7iJ5AAMDisYAS6olQ2ygzofl8=;
 b=SLPPjFdbOVwd/HQyA1HtgAZDQTOe0P+vguHJHxWGgwCZDuofItJTvgq3MZ0mrINn/9
 U9SAiJYRgEUkB1KLxmqVmaqp8+JABlltqBXAak83LIExYXKjgguGLEWIl9jwdeSxIEDI
 wUj6oUZfGNPqNffA+usmu7xQddtkA9BqK3hHLF73CDJK3Xlpf5/UilUX+4kPjWL44w/R
 MT7P6XlN1R0ezJJXd4N3JCggw5nXIJkmIMf1JqEv6jPqkJnfZDaR+1fKZnub2XiZ1bZ4
 ArdwRa/76UjErBVGyah4vdV68ZTbPsg7lBBq1gqF6qhMQZzBtfsZs6l92jenphqPfpef
 Chcg==
X-Gm-Message-State: ALoCoQmwk007i1O29Sw6x1lGQn9da3r4HNGtjB8q6S1kP6HckkXDoCAqtF0/jqk5KDYbW1hz11ct
X-Received: by 10.66.219.226 with SMTP id pr2mr8206235pac.47.1406297990625; 
 Fri, 25 Jul 2014 07:19:50 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.30.36 with SMTP id c33ls1220917qgc.72.gmail; Fri, 25 Jul
 2014 07:19:50 -0700 (PDT)
X-Received: by 10.221.39.132 with SMTP id tm4mr1978772vcb.74.1406297990426; 
 Fri, 25 Jul 2014 07:19:50 -0700 (PDT)
Received: from mail-vc0-f179.google.com (mail-vc0-f179.google.com
 [209.85.220.179]) by mx.google.com with ESMTPS id
 bw1si7525357vcb.18.2014.07.25.07.19.50
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 25 Jul 2014 07:19:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.220.179 as permitted sender) client-ip=209.85.220.179; 
Received: by mail-vc0-f179.google.com with SMTP id hq11so7593675vcb.10
 for <patchwork-forward@linaro.org>;
 Fri, 25 Jul 2014 07:19:50 -0700 (PDT)
X-Received: by 10.220.118.136 with SMTP id v8mr2645152vcq.50.1406297990332; 
 Fri, 25 Jul 2014 07:19:50 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.221.37.5 with SMTP id tc5csp41807vcb;
 Fri, 25 Jul 2014 07:19:49 -0700 (PDT)
X-Received: by 10.42.106.145 with SMTP id z17mr3911655ico.82.1406297989732; 
 Fri, 25 Jul 2014 07:19:49 -0700 (PDT)
Received: from lists.xen.org (lists.xen.org. [50.57.142.19])
 by mx.google.com with ESMTPS id w2si3298249igl.28.2014.07.25.07.19.49
 for <multiple recipients>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Fri, 25 Jul 2014 07:19:49 -0700 (PDT)
Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not
 designate permitted sender hosts) client-ip=50.57.142.19; 
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
 by lists.xen.org with esmtp (Exim 4.72)
 (envelope-from <xen-devel-bounces@lists.xen.org>)
 id 1XAgJV-000799-Ls; Fri, 25 Jul 2014 14:17:37 +0000
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
 by lists.xen.org with esmtp (Exim 4.72)
 (envelope-from <julien.grall@linaro.org>) id 1XAgJU-000794-SQ
 for xen-devel@lists.xenproject.org; Fri, 25 Jul 2014 14:17:36 +0000
Received: from [193.109.254.147:44640] by server-1.bemta-14.messagelabs.com
 id 96/C0-24760-00762D35; Fri, 25 Jul 2014 14:17:36 +0000
X-Env-Sender: julien.grall@linaro.org
X-Msg-Ref: server-3.tower-27.messagelabs.com!1406297855!11735320!1
X-Originating-IP: [74.125.82.41]
X-SpamReason: No, hits=0.0 required=7.0 tests=SUBJECT_RANDOMQ
X-StarScan-Received: 
X-StarScan-Version: 6.11.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 8557 invoked from network); 25 Jul 2014 14:17:35 -0000
Received: from mail-wg0-f41.google.com (HELO mail-wg0-f41.google.com)
 (74.125.82.41)
 by server-3.tower-27.messagelabs.com with RC4-SHA encrypted SMTP;
 25 Jul 2014 14:17:35 -0000
Received: by mail-wg0-f41.google.com with SMTP id z12so4310603wgg.12
 for <xen-devel@lists.xenproject.org>;
 Fri, 25 Jul 2014 07:17:35 -0700 (PDT)
X-Received: by 10.194.191.131 with SMTP id gy3mr22654898wjc.108.1406297855269; 
 Fri, 25 Jul 2014 07:17:35 -0700 (PDT)
Received: from belegaer.uk.xensource.com ([185.25.64.249])
 by mx.google.com with ESMTPSA id
 lq15sm6509757wic.1.2014.07.25.07.17.33 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 25 Jul 2014 07:17:34 -0700 (PDT)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xenproject.org
Date: Fri, 25 Jul 2014 15:17:26 +0100
Message-Id: <1406297847-23440-1-git-send-email-julien.grall@linaro.org>
X-Mailer: git-send-email 1.7.10.4
Cc: stefano.stabellini@citrix.com, Julien Grall <julien.grall@linaro.org>,
 tim@xen.org, ian.campbell@citrix.com
Subject: [Xen-devel] [PATCH] xen/arm: domain_vgic_init: Avoid double free on
 shared_irqs
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: julien.grall@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.220.179 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>

When the function domain_vgic_init is failing to initialize pending_irqs,
it will free shared_irqs. Few call later, domain_vgic_free will be called
an try to free a second time the same variable. This will result to a double
free.

Remove the free in domain_vgic_init and rely on domain_vgic_free to correctly
release the memory.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---

This patch should be backported to Xen 4.4.
---
 xen/arch/arm/vgic.c |    3 ---
 1 file changed, 3 deletions(-)

diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index aba613b..edbb71a 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -84,10 +84,7 @@ int domain_vgic_init(struct domain *d, unsigned int nr_spis)
     d->arch.vgic.pending_irqs =
         xzalloc_array(struct pending_irq, d->arch.vgic.nr_spis);
     if ( d->arch.vgic.pending_irqs == NULL )
-    {
-        xfree(d->arch.vgic.shared_irqs);
         return -ENOMEM;
-    }
 
     for (i=0; i<d->arch.vgic.nr_spis; i++)
     {