From 059fab2cc0ff5bd4668b6c11b5695adc69b2bc26 Mon Sep 17 00:00:00 2001
From: Balazs Gerofi
Date: Wed, 26 Oct 2016 14:50:07 +0900
Subject: [PATCH] mcctrl: fix NULL pointer dereference for unbooted OS instance shutdown
---
 executer/kernel/mcctrl/driver.c | 19 ++++++++++++++-----
 executer/kernel/mcctrl/ikc.c | 5 +++++
 executer/kernel/mcctrl/procfs.c | 3 ++-
 executer/kernel/mcctrl/sysfs.c | 9 ++++++++-
 executer/kernel/mcctrl/sysfs_files.c | 5 +++++
 5 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/executer/kernel/mcctrl/driver.c b/executer/kernel/mcctrl/driver.c
index b4ea568d..20a6fa39 100644
--- a/executer/kernel/mcctrl/driver.c
+++ b/executer/kernel/mcctrl/driver.c
@@ -129,11 +129,15 @@ error_cleanup_channels:
 int mcctrl_os_shutdown_notifier(int os_index)
 {
- sysfsm_cleanup(os[os_index]);
- free_topology_info(os[os_index]);
- ihk_os_unregister_user_call_handlers(os[os_index], mcctrl_uc + os_index);
- destroy_ikc_channels(os[os_index]);
- procfs_exit(os_index);
+ if (os[os_index]) {
+ sysfsm_cleanup(os[os_index]);
+ free_topology_info(os[os_index]);
+ ihk_os_unregister_user_call_handlers(os[os_index], mcctrl_uc + os_index);
+ destroy_ikc_channels(os[os_index]);
+ procfs_exit(os_index);
+ }
+
+ os[os_index] = NULL;
 printk("mcctrl: OS ID %d shutdown event handled\n", os_index);
 return 0;
@@ -151,11 +155,16 @@ static struct ihk_os_notifier mcctrl_os_notifier = {
 static int __init mcctrl_init(void)
 {
 int ret = 0;
+ int i;
 #ifndef DO_USER_MODE
 mcctrl_syscall_init();
 #endif
+ for (i = 0; i < OS_MAX_MINOR; ++i) {
+ os[i] = NULL;
+ }
+
 rus_page_hash_init();
 binfmt_mcexec_init();
diff --git a/executer/kernel/mcctrl/ikc.c b/executer/kernel/mcctrl/ikc.c
index a1c00b5b..3a93e53b 100644
--- a/executer/kernel/mcctrl/ikc.c
+++ b/executer/kernel/mcctrl/ikc.c
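Review bot: `os_index` indexes `os[]` in `mcctrl_os_shutdown_notifier()` (driver.c, hunk at -129) with no range check, and the added `os[os_index] = NULL;` means an out-of-range index is now a kernel memory write rather than only a stray read. Whether IHK guarantees the range is not visible in this hunk, so a guard at the top of the function is cheap insurance: `if (os_index < 0 || os_index >= OS_MAX_MINOR) return -EINVAL;`, using the same bound as the init loop this commit adds (how the notifier's return value is consumed is outside the hunk, so the error code should be confirmed). The NULL test and the clear are also done without any lock visible here; if a boot and a shutdown notification for the same index can overlap, that needs checking.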
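Review bot: The clearing loop added to `mcctrl_init()` (driver.c, hunk at -151) sets up the invariant that the shutdown notifier now relies on, but nothing in the code says so. A comment above the loop would make it explicit, for example `/* os[i] == NULL means no booted instance; mcctrl_os_shutdown_notifier() depends on this */`. The declaration of `os` is outside the hunk; if it is a file-scope array it is already zero-initialised, and `ARRAY_SIZE(os)` would keep the bound tied to the declaration instead of to `OS_MAX_MINOR`. The body of `mcctrl_init()` continues past the end of the hunk.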
@@ -311,6 +311,11 @@ void destroy_ikc_channels(ihk_os_t os)
 int i;
 struct mcctrl_usrdata *usrdata = ihk_host_os_get_usrdata(os);
+ if (!usrdata) {
+ printk("%s: WARNING: no mcctrl_usrdata found\n", __FUNCTION__);
+ return;
+ }
+
 ihk_host_os_set_usrdata(os, NULL);
 for (i = 0; i < usrdata->num_channels; i++) {
diff --git a/executer/kernel/mcctrl/procfs.c b/executer/kernel/mcctrl/procfs.c
index 96243fc4..ec09a7ca 100644
--- a/executer/kernel/mcctrl/procfs.c
+++ b/executer/kernel/mcctrl/procfs.c
@@ -481,8 +481,9 @@ procfs_exit(int osnum)
 down(&procfs_file_list_lock);
 e = find_base_entry(osnum);
- if(e)
+ if (e) {
 delete_procfs_entries(e);
+ }
 up(&procfs_file_list_lock);
 }
diff --git a/executer/kernel/mcctrl/sysfs.c b/executer/kernel/mcctrl/sysfs.c
index 93289d05..0ac0604c 100644
--- a/executer/kernel/mcctrl/sysfs.c
+++ b/executer/kernel/mcctrl/sysfs.c
@@ -1232,9 +1232,16 @@ sysfsm_cleanup(ihk_os_t os)
 int error;
 ihk_device_t dev = ihk_os_to_dev(os);
 struct mcctrl_usrdata *udp = ihk_host_os_get_usrdata(os);
- struct sysfsm_data *sdp = &udp->sysfsm_data;
+ struct sysfsm_data *sdp;
 struct sysfsm_node *np;
+ if (!udp) {
+ printk("%s: WARNING: no mcctrl_usrdata found\n", __FUNCTION__);
+ return;
+ }
+
+ sdp = &udp->sysfsm_data;
+
 dprintk("mcctrl:sysfsm_cleanup(%p)\n", os);
 if (sdp->sysfs_buf) {
diff --git a/executer/kernel/mcctrl/sysfs_files.c b/executer/kernel/mcctrl/sysfs_files.c
index edb86292..6239f74f 100644
--- a/executer/kernel/mcctrl/sysfs_files.c
+++ b/executer/kernel/mcctrl/sysfs_files.c
@@ -191,6 +191,11 @@ void free_topology_info(ihk_os_t os)
 {
 struct mcctrl_usrdata *udp = ihk_host_os_get_usrdata(os);
+ if (!udp) {
+ printk("%s: WARNING: no mcctrl_usrdata found\n", __FUNCTION__);
+ return;
+ }
+
 free_node_topology(udp);
 free_cpu_topology(udp);
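Review bot: The warning added to `destroy_ikc_channels()` (ikc.c) goes through a bare `printk()` with no log level, and the identical line is repeated in `sysfsm_cleanup()` (sysfs.c) and `free_topology_info()` (sysfs_files.c). The shutdown notifier in driver.c calls all three in sequence, so an instance that has an `os[]` entry but no usrdata prints the same message three times at the default level. I would write `pr_warn("%s: no mcctrl_usrdata found\n", __func__);` in each place (`__func__` is the standard spelling of `__FUNCTION__`), or demote it to the existing `dprintk()` if this state is expected during shutdown. All three function bodies continue outside their hunks.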