Message ID | 20180904192153.17210-4-julien.grall@arm.com |
---|---|
State | New |
Series | xen/arm: vgic-v3: Bug fixes |
On Tue, 4 Sep 2018, Julien Grall wrote:
> vgic_v3_its_free_domain may be called before vgic_v3_its_init_domain if
> the vGIC was failing to initialize itself. This means the list would be
> uninitialized and result in a crash.
>
> Thankfully, we only allow ITS for the hardware domain. So the crash is
> not a security issue. Fix it by checking whether the list is NULL.
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>

Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

> ---
>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> xen/arch/arm/vgic-v3-its.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c > index 32061c6b03..9edd97c4e7 100644 > --- a/xen/arch/arm/vgic-v3-its.c > +++ b/xen/arch/arm/vgic-v3-its.c > @@ -1548,6 +1548,10 @@ void vgic_v3_its_free_domain(struct domain *d) > { > struct virt_its *pos, *temp; > > + /* Cope with unitialized vITS */ > + if ( list_head_is_null(&d->arch.vgic.vits_list) ) > + return; > + > list_for_each_entry_safe( pos, temp, &d->arch.vgic.vits_list, vits_list ) > { > list_del(&pos->vits_list); > -- > 2.11.0 >
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c index 32061c6b03..9edd97c4e7 100644 --- a/xen/arch/arm/vgic-v3-its.c +++ b/xen/arch/arm/vgic-v3-its.c @@ -1548,6 +1548,10 @@ void vgic_v3_its_free_domain(struct domain *d) { struct virt_its *pos, *temp; + /* Cope with unitialized vITS */ + if ( list_head_is_null(&d->arch.vgic.vits_list) ) + return; + list_for_each_entry_safe( pos, temp, &d->arch.vgic.vits_list, vits_list ) { list_del(&pos->vits_list);
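Review bot: The early return added at the top of vgic_v3_its_free_domain is only correct if vits_list is guaranteed to read as NULL whenever vgic_v3_its_init_domain has not run, and neither the new comment nor the rest of the hunk says where that guarantee comes from. Suggest expanding the comment to state the assumption explicitly (the list head has never been initialised because init was not reached), so a later change to how the structure is set up does not silently turn this guard into a walk over garbage pointers in list_for_each_entry_safe. The comment also misspells "uninitialized" as "unitialized". An alternative to consider is initialising the list head early enough that the free path needs no special case.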
vgic_v3_its_free_domain may be called before vgic_v3_its_init_domain if the vGIC was failing to initialize itself. This means the list would be uninitialized and result in a crash.

Thankfully, we only allow ITS for the hardware domain. So the crash is not a security issue. Fix it by checking whether the list is NULL.

Signed-off-by: Julien Grall <julien.grall@arm.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
---
xen/arch/arm/vgic-v3-its.c | 4 ++++
1 file changed, 4 insertions(+)