qemu-kvm: fix unmatched RAM alloction/free

Commit Message

Hao, Xudong Jan. 17, 2009, 11:13 p.m. UTC

mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
issue.

This issue appears when a PCI device is being assigned to KVM guest,
failure to read PCI rom file will bring RAM free, then the incorrect
qemu_vfree calling will cause a segment fault.

Signed-off-by: Xudong Hao <xudong.hao@intel.com>
---
 exec.c |    6 +-----
 1 files changed, 1 insertions(+), 5 deletions(-)

Comments

Paolo Bonzini May 23, 2013, 5:13 p.m. UTC | #1

> mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
> 7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
> issue.
> 
> This issue appears when a PCI device is being assigned to KVM guest,
> failure to read PCI rom file will bring RAM free, then the incorrect
> qemu_vfree calling will cause a segment fault.
> 
> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> ---
>  exec.c |    6 +-----
>  1 files changed, 1 insertions(+), 5 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index fa1e0c3..d40d237 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1152,15 +1152,11 @@ void qemu_ram_free(ram_addr_t addr)
>                  abort();
>  #endif
>              } else {
> -#if defined(TARGET_S390X) && defined(CONFIG_KVM)
> -                munmap(block->host, block->length);
> -#else
>                  if (xen_enabled()) {
>                      xen_invalidate_map_cache_entry(block->host);
>                  } else {
> -                    qemu_vfree(block->host);
> +                    munmap(block->host, block->length);
>                  }
> -#endif
>              }
>              g_free(block);
>              break;

Just "git pull". :)  This is very similar to commit e7a09b9 (osdep: introduce
qemu_anon_ram_free to free qemu_anon_ram_alloc-ed memory, 2013-05-13)

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hao, Xudong May 24, 2013, 1:21 a.m. UTC | #2

PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBQYW9sbyBCb256aW5pIFttYWls
dG86cGJvbnppbmlAcmVkaGF0LmNvbV0NCj4gU2VudDogRnJpZGF5LCBNYXkgMjQsIDIwMTMgMTox
MyBBTQ0KPiBUbzogSGFvLCBYdWRvbmcNCj4gQ2M6IGt2bUB2Z2VyLmtlcm5lbC5vcmc7IGdsZWJA
cmVkaGF0LmNvbTsgcWVtdS1kZXZlbEBub25nbnUub3JnDQo+IFN1YmplY3Q6IFJlOiBbUEFUQ0hd
IHFlbXUta3ZtOiBmaXggdW5tYXRjaGVkIFJBTSBhbGxvY3Rpb24vZnJlZQ0KPiANCj4gPiBtbWFw
IGlzIHVzZWQgaW4gcWVtdV92bWFsbG9jIGZ1bmN0aW9uIGluc3RlYWQgb2YgcWVtdV9tZW1hbGln
bihjb21taXQNCj4gPiA3ZGRhNWRjOCksIHNvIGl0IHNob3VsZCBjaGFuZ2UgcWVtdV92ZnJlZSB0
byBtdW5tYXAgdG8gZml4IGEgdW5tYXRjaGVkDQo+ID4gaXNzdWUuDQo+ID4NCj4gPiBUaGlzIGlz
c3VlIGFwcGVhcnMgd2hlbiBhIFBDSSBkZXZpY2UgaXMgYmVpbmcgYXNzaWduZWQgdG8gS1ZNIGd1
ZXN0LA0KPiA+IGZhaWx1cmUgdG8gcmVhZCBQQ0kgcm9tIGZpbGUgd2lsbCBicmluZyBSQU0gZnJl
ZSwgdGhlbiB0aGUgaW5jb3JyZWN0DQo+ID4gcWVtdV92ZnJlZSBjYWxsaW5nIHdpbGwgY2F1c2Ug
YSBzZWdtZW50IGZhdWx0Lg0KPiA+DQo+ID4gU2lnbmVkLW9mZi1ieTogWHVkb25nIEhhbyA8eHVk
b25nLmhhb0BpbnRlbC5jb20+DQo+ID4gLS0tDQo+ID4gIGV4ZWMuYyB8ICAgIDYgKy0tLS0tDQo+
ID4gIDEgZmlsZXMgY2hhbmdlZCwgMSBpbnNlcnRpb25zKCspLCA1IGRlbGV0aW9ucygtKQ0KPiA+
DQo+ID4gZGlmZiAtLWdpdCBhL2V4ZWMuYyBiL2V4ZWMuYw0KPiA+IGluZGV4IGZhMWUwYzMuLmQ0
MGQyMzcgMTAwNjQ0DQo+ID4gLS0tIGEvZXhlYy5jDQo+ID4gKysrIGIvZXhlYy5jDQo+ID4gQEAg
LTExNTIsMTUgKzExNTIsMTEgQEAgdm9pZCBxZW11X3JhbV9mcmVlKHJhbV9hZGRyX3QgYWRkcikN
Cj4gPiAgICAgICAgICAgICAgICAgIGFib3J0KCk7DQo+ID4gICNlbmRpZg0KPiA+ICAgICAgICAg
ICAgICB9IGVsc2Ugew0KPiA+IC0jaWYgZGVmaW5lZChUQVJHRVRfUzM5MFgpICYmIGRlZmluZWQo
Q09ORklHX0tWTSkNCj4gPiAtICAgICAgICAgICAgICAgIG11bm1hcChibG9jay0+aG9zdCwgYmxv
Y2stPmxlbmd0aCk7DQo+ID4gLSNlbHNlDQo+ID4gICAgICAgICAgICAgICAgICBpZiAoeGVuX2Vu
YWJsZWQoKSkgew0KPiA+ICAgICAgICAgICAgICAgICAgICAgIHhlbl9pbnZhbGlkYXRlX21hcF9j
YWNoZV9lbnRyeShibG9jay0+aG9zdCk7DQo+ID4gICAgICAgICAgICAgICAgICB9IGVsc2Ugew0K
PiA+IC0gICAgICAgICAgICAgICAgICAgIHFlbXVfdmZyZWUoYmxvY2stPmhvc3QpOw0KPiA+ICsg
ICAgICAgICAgICAgICAgICAgIG11bm1hcChibG9jay0+aG9zdCwgYmxvY2stPmxlbmd0aCk7DQo+
ID4gICAgICAgICAgICAgICAgICB9DQo+ID4gLSNlbmRpZg0KPiA+ICAgICAgICAgICAgICB9DQo+
ID4gICAgICAgICAgICAgIGdfZnJlZShibG9jayk7DQo+ID4gICAgICAgICAgICAgIGJyZWFrOw0K
PiANCj4gSnVzdCAiZ2l0IHB1bGwiLiA6KSAgVGhpcyBpcyB2ZXJ5IHNpbWlsYXIgdG8gY29tbWl0
IGU3YTA5YjkgKG9zZGVwOiBpbnRyb2R1Y2UNCj4gcWVtdV9hbm9uX3JhbV9mcmVlIHRvIGZyZWUg
cWVtdV9hbm9uX3JhbV9hbGxvYy1lZCBtZW1vcnksIDIwMTMtMDUtMTMpDQo+IA0KDQpPSywgdGhp
cyBjb21taXQgZG8gdGhlIHNhbWUgdGhpbmcgYXMgbXkgcGF0Y2gsIEkgZGlkIG5vdCBub3RpY2Ug
cWVtdSB1cHN0cmVhbSB0cmVlLCBqdXN0IHRha2UgYSBsb29rIGF0IHFlbXUta3ZtIHRyZWUsIGJ1
dCBJIHRoaW5rIHRoaXMgY29tbWl0IHNob3VsZCBiZSBiYWNrcG9ydCB0byBxZW11LWt2bSB0cmVl
LCBiZWNhdXNlIG1hbnkgdXNlciBhcmUgdXNpbmcgcWVtdS1rdm0gZm9yIEtWTS4gDQoNCkFueXdh
eSBwbGVhc2UgaWdub3JlIHRoaXMgcGF0Y2guDQoNClRoYW5rcywNCi1YdWRvbmcNCg0K
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Eric Blake May 24, 2013, 1:08 p.m. UTC | #3

On 05/23/2013 07:21 PM, Hao, Xudong wrote:
>> Just "git pull". :)  This is very similar to commit e7a09b9 (osdep: introduce
>> qemu_anon_ram_free to free qemu_anon_ram_alloc-ed memory, 2013-05-13)
>>
> 
> OK, this commit do the same thing as my patch, I did not notice qemu upstream tree, just take a look at qemu-kvm tree, but I think this commit should be backport to qemu-kvm tree, because many user are using qemu-kvm for KVM. 

That argues that the qemu-kvm tree needs one final commit that wipes
everything and replaces it with a readme file that tells users to
upgrade to the qemu upstream tree, now that the qemu-kvm tree has been
merged upstream and is no longer actively maintained.

Michael Tokarev May 28, 2013, 6:34 p.m. UTC | #4

Um, something's wrong with the Date.  Care to resend with that fixed?

Thanks,

/mjt

18.01.2009 02:13, Xudong Hao wrote:
> mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
> 7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
> issue.
[...]
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hao, Xudong May 29, 2013, 2:37 a.m. UTC | #5

> -----Original Message-----
> From: Michael Tokarev [mailto:mjt@tls.msk.ru]
> Sent: Wednesday, May 29, 2013 2:34 AM
> To: Hao, Xudong
> Cc: kvm@vger.kernel.org; gleb@redhat.com; pbonzini@redhat.com;
> qemu-devel@nongnu.org
> Subject: Re: [PATCH] qemu-kvm: fix unmatched RAM alloction/free
> 
> Um, something's wrong with the Date.  Care to resend with that fixed?
> 

Because the similar fix are already in qemu upstream, seems we need not this patch longer.

> Thanks,
> 
> /mjt
> 
> 18.01.2009 02:13, Xudong Hao wrote:
> > mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
> > 7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
> > issue.
> [...]
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/exec.c b/exec.c
index fa1e0c3..d40d237 100644
--- a/exec.c
+++ b/exec.c
@@ -1152,15 +1152,11 @@  void qemu_ram_free(ram_addr_t addr)
                 abort();
 #endif
             } else {
-#if defined(TARGET_S390X) && defined(CONFIG_KVM)
-                munmap(block->host, block->length);
-#else
                 if (xen_enabled()) {
                     xen_invalidate_map_cache_entry(block->host);
                 } else {
-                    qemu_vfree(block->host);
+                    munmap(block->host, block->length);
                 }
-#endif
             }
             g_free(block);
             break;