From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:54106)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <xudong.hao@intel.com>) id 1UfJvR-0006uj-MZ
	for qemu-devel@nongnu.org; Wed, 22 May 2013 21:02:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <xudong.hao@intel.com>) id 1UfJvM-000708-J4
	for qemu-devel@nongnu.org; Wed, 22 May 2013 21:02:37 -0400
Received: from mga01.intel.com ([192.55.52.88]:42607)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <xudong.hao@intel.com>) id 1UfJvM-0006zL-C7
	for qemu-devel@nongnu.org; Wed, 22 May 2013 21:02:32 -0400
From: Xudong Hao <xudong.hao@intel.com>
Message-Id: <1232233990-20383-1-git-send-email-xudong.hao@intel.com>
Subject: [Qemu-devel] [PATCH] qemu-kvm: fix unmatched RAM alloction/free
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Date: Thu, 23 May 2013 01:02:42 -0000
To: kvm@vger.kernel.org
Cc: pbonzini@redhat.com, Xudong Hao <xudong.hao@intel.com>, qemu-devel@nongnu.org, gleb@redhat.com

mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
issue.

This issue appears when a PCI device is being assigned to KVM guest,
failure to read PCI rom file will bring RAM free, then the incorrect
qemu_vfree calling will cause a segment fault.

Signed-off-by: Xudong Hao <xudong.hao@intel.com>
---
 exec.c |    6 +-----
 1 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index fa1e0c3..d40d237 100644
--- a/exec.c
+++ b/exec.c
@@ -1152,15 +1152,11 @@ void qemu_ram_free(ram_addr_t addr)
                 abort();
 #endif
             } else {
-#if defined(TARGET_S390X) && defined(CONFIG_KVM)
-                munmap(block->host, block->length);
-#else
                 if (xen_enabled()) {
                     xen_invalidate_map_cache_entry(block->host);
                 } else {
-                    qemu_vfree(block->host);
+                    munmap(block->host, block->length);
                 }
-#endif
             }
             g_free(block);
             break;
-- 
1.5.6