From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: xen-devel@lists.xenproject.org
Cc: Dario Faggioli <dario.faggioli@citrix.com>,
Andrew Jones <drjones@redhat.com>,
Ian Campbell <Ian.Campbell@citrix.com>
Subject: [PATCH for-4.5] libxc: fix mmap leak in xc_unmap_domain_meminfo/xc_map_domain_meminfo
Date: Wed, 1 Oct 2014 15:35:36 +0200 [thread overview]
Message-ID: <1412170536-9028-1-git-send-email-vkuznets@redhat.com> (raw)
xc_unmap_domain_meminfo uses P2M_FLL_ENTRIES macro instead of P2M_FL_ENTRIES.
Moreover, P2M_FL_ENTRIES macro uses (dinfo->p2m_size) which is always 0 here
as we don't initialize it. The result is that we always unmap just 1 frame.
xc_map_domain_meminfo uses P2M_FLL_ENTRIES macro instead of P2M_FL_ENTRIES
on failure path.
The issue went unnoticed mostly because we use unmap_domain_meminfo and
xc_map_domain_meminfo in one-shot xen-mfndump and xen-hptool (through
xc_exchange_page()) tools. When used is long-running apps (e.g. in xl)
domains become zombies after their death.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
tools/libxc/xc_domain.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tools/libxc/xc_domain.c b/tools/libxc/xc_domain.c
index 43e1d44..3777b18 100644
--- a/tools/libxc/xc_domain.c
+++ b/tools/libxc/xc_domain.c
@@ -1861,12 +1861,13 @@ int xc_domain_bind_pt_isa_irq(
int xc_unmap_domain_meminfo(xc_interface *xch, struct xc_domain_meminfo *minfo)
{
- struct domain_info_context _di = { .guest_width = minfo->guest_width };
+ struct domain_info_context _di = { .guest_width = minfo->guest_width,
+ .p2m_size = minfo->p2m_size};
struct domain_info_context *dinfo = &_di;
free(minfo->pfn_type);
if ( minfo->p2m_table )
- munmap(minfo->p2m_table, P2M_FLL_ENTRIES * PAGE_SIZE);
+ munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE);
minfo->p2m_table = NULL;
return 0;
@@ -1977,7 +1978,7 @@ failed:
}
if ( minfo->p2m_table )
{
- munmap(minfo->p2m_table, P2M_FLL_ENTRIES * PAGE_SIZE);
+ munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE);
minfo->p2m_table = NULL;
}
--
1.9.3
next reply other threads:[~2014-10-01 13:35 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-01 13:35 Vitaly Kuznetsov [this message]
2014-10-02 14:22 ` [PATCH for-4.5] libxc: fix mmap leak in xc_unmap_domain_meminfo/xc_map_domain_meminfo Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1412170536-9028-1-git-send-email-vkuznets@redhat.com \
--to=vkuznets@redhat.com \
--cc=Ian.Campbell@citrix.com \
--cc=dario.faggioli@citrix.com \
--cc=drjones@redhat.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).