[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.4] libxl: Fix bootloader-related virtual memory leak on pv build failure
commit 62dc4c1a96eb9b40ec23bdd1656ece913f540871 Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> AuthorDate: Wed Nov 18 15:34:54 2015 +0000 Commit: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> CommitDate: Tue Dec 8 15:31:45 2015 +0000 libxl: Fix bootloader-related virtual memory leak on pv build failure The bootloader may call libxl__file_reference_map(), which mmap's the pv_kernel and pv_ramdisk into process memory. This was only unmapped, however, on the success path of libxl__build_pv(). If there were a failure anywhere between libxl_bootloader.c:parse_bootloader_result() and the end of libxl__build_pv(), the calls to libxl__file_reference_unmap() would be skipped, leaking the mapped virtual memory. Ideally this would be fixed by adding the unmap calls to the destruction path for libxl__domain_build_state. Unfortunately the lifetime of the libxl__domain_build_state is opaque, and it doesn't have a proper destruction path. But, the only thing in it that isn't from the gc are these bootloader references, and they are only ever set for one libxl__domain_build_state, the one which is libxl__domain_create_state.build_state. So we can clean up in the exit path from libxl__domain_create_*, which always comes through domcreate_complete. Remove the now-redundant unmaps in libxl__build_pv's success path. This is XSA-160. Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx> Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Tested-by: George Dunlap <george.dunlap@xxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- tools/libxl/libxl_create.c | 3 +++ tools/libxl/libxl_dom.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c index e3350d5..5292c15 100644 --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c @@ -1295,6 +1295,9 @@ static void domcreate_complete(libxl__egc *egc, STATE_AO_GC(dcs->ao); libxl_domain_config *const d_config = dcs->guest_config; + libxl__file_reference_unmap(&dcs->build_state.pv_kernel); + libxl__file_reference_unmap(&dcs->build_state.pv_ramdisk); + if (!rc && d_config->b_info.exec_ssidref) rc = xc_flask_relabel_domain(CTX->xch, dcs->guest_domid, d_config->b_info.exec_ssidref); diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c index 52bc01a..978a1eb 100644 --- a/tools/libxl/libxl_dom.c +++ b/tools/libxl/libxl_dom.c @@ -451,9 +451,6 @@ int libxl__build_pv(libxl__gc *gc, uint32_t domid, state->store_mfn = xc_dom_p2m_host(dom, dom->xenstore_pfn); } - libxl__file_reference_unmap(&state->pv_kernel); - libxl__file_reference_unmap(&state->pv_ramdisk); - ret = 0; out: xc_dom_release(dom); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.4 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |