From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mukesh Rathor
Subject: Re: xc_map_foreign_bulk() memory leak in ARM version?
Date: Fri, 17 May 2013 12:13:07 -0700
Message-ID: <20130517121307.33e5e5d3@mantra.us.oracle.com>
References: <1368785640.24012.34.camel@hastur.hellion.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <1368785640.24012.34.camel@hastur.hellion.org.uk>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell
Cc: Nyashka Surovski, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Fri, 17 May 2013 11:14:00 +0100
Ian Campbell wrote:

> On Thu, 2013-05-16 at 19:36 +0400, Nyashka Surovski wrote:
> > Hi Xen folks!
> >
> >
> > I've faced with one strange thing in ARM version of Xen: when I use
> > xc_map_foreign_bulk() to map some memory from domU to dom0, after
> > unmap() for previous returned address - memory is not freed at all.
> >
> >
> > Let's look at call stack:
> >
> >
> > xc_map_foreign() ->
> > linux_privcmd_map_foreign_bulk() ->
> > {
> > addr = mmap(fd);
> > ioctl(fd, IOCTL_PRIVCMD_MMAPBATCH_V2 );
> > } ->
> > alloc_empty_pages() ->
> > alloc_xenballoned_pages();
> >
> > So, I think that unmap(addr) must call free_xenballoned_pages(), but
> > this doesn't happen. =(
> > Let me note, that mmap() knows about privcmd_close() function, and
> > it is the place where free_xenballoned_pages() is called, So we
> > have that unmap() doesn't call privcmd_close() at all. It's
> > something strange for me.
> >
> > Can somebody show me the place of my misunderstanding, or is it a
> > real bug?
>
> Do you mean munmap()?
>
> I think munmap will eventually end up calling close, when the
> references to the vma etc are gone. Since the code path is a bit
> twisty I'd be tempted to throw in a debug printk to confirm though.
>
> Can you share your usercode?

I dealt with that a lot during PVH debug. Yes, munmap will call close.
If the process exits without calling munmap, then do_exit -> exit_mm
will result in a call to privcmd_close.

Hope that helps.
Mukesh