From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <Ian.Campbell@citrix.com>
Subject: Re: [PATCH for-4.5 v2] libxc: don't leak buffer
 containing the uncompressed PV kernel
Date: Tue, 25 Nov 2014 16:29:10 +0000
Message-ID: <1416932950.11944.17.camel@citrix.com>
References: <1416498527-32441-1-git-send-email-ian.campbell@citrix.com>
	<20141120160307.GB31452@zion.uk.xensource.com>
	<1416932693.11944.15.camel@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1416932693.11944.15.camel@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Wei Liu <wei.liu2@citrix.com>, ian.jackson@eu.citrix.com
Cc: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Tue, 2014-11-25 at 16:24 +0000, Ian Campbell wrote:
> On Thu, 2014-11-20 at 16:03 +0000, Wei Liu wrote:
> > On Thu, Nov 20, 2014 at 03:48:47PM +0000, Ian Campbell wrote:
> > > The libxc xc_dom_* infrastructure uses a very simple malloc memory pool which
> > > is freed by xc_dom_release. However the various xc_try_*_decode routines (other
> > > than the gzip one) just use plain malloc/realloc and therefore the buffer ends
> > > up leaked.
> > > 
> > > The memory pool currently supports mmap'd buffers as well as a directly
> > > allocated buffers, however the try decode routines make use of realloc and do
> > > not fit well into this model. Introduce a concept of an external memory block
> > > to the memory pool and provide an interface to register such memory.
> > > 
> > > The mmap_ptr and mmap_len fields of the memblock tracking struct lose their
> > > mmap_ prefix since they are now also used for external memory blocks.
> > > 
> > > We are only seeing this now because the gzip decoder doesn't leak and it's only
> > > relatively recently that kernels in the wild have switched to better
> > > compression.
> > > 
> > > This is https://bugs.debian.org/767295
> > > 
> > > Reported by: Gedalya <gedalya@gedalya.net>
> > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
> > 
> > Reviewed-by: Wei Liu <wei.liu2@citrix.com>
> 
> Thanks. Konrad release-acked on IRC so I've applied.

Ian: THis one should be backported I think.