diff options
| author | Jonathan Gray <jsg@cvs.openbsd.org> | 2016-01-29 00:47:52 +0000 |
|---|---|---|
| committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2016-01-29 00:47:52 +0000 |
| commit | 1f62d9e75803cb001d5419814cb5b138d3a696a9 (patch) | |
| tree | 372bb294109400aab232b5e3ef492bc09e550867 /sys | |
| parent | 4f867b80b2a16ee8312666a33bde2b29b0d0d4c5 (diff) | |
Move a pool_put() to avoid a use after free.
ok mlarkin@ stefan@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/arch/amd64/amd64/vmm.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/arch/amd64/amd64/vmm.c b/sys/arch/amd64/amd64/vmm.c index 8e5fe5cff3f..b7a16037168 100644 --- a/sys/arch/amd64/amd64/vmm.c +++ b/sys/arch/amd64/amd64/vmm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm.c,v 1.32 2016/01/25 12:44:16 jsg Exp $ */ +/* $OpenBSD: vmm.c,v 1.33 2016/01/29 00:47:51 jsg Exp $ */ /* * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org> * @@ -2092,12 +2092,11 @@ vm_teardown(struct vm *vm) /* XXX teardown guest vmspace, free pages */ - pool_put(&vm_pool, vm); - vmm_softc->vm_ct--; if (vmm_softc->vm_ct < 1) vmm_stop(); rw_exit_write(&vm->vm_vcpu_lock); + pool_put(&vm_pool, vm); } /* |