|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Fix misplaced kfree from xlated_setup_gnttab_pages
On Fri, Jan 24, 2014 at 01:31:14PM -0500, Dave Jones wrote:
> Passing a freed 'pages' to free_xenballooned_pages will end badly
> on kernels with slub debug enabled.
Ouch.
>
> This looks out of place between the rc assign and the check, and
> was likely a cut-and-paste error.
>
> Signed-off-by: Dave Jones <davej@xxxxxxxxxxxxxxxxx>
>
> diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
> index 103c93f874b2..28990cc97304 100644
> --- a/arch/x86/xen/grant-table.c
> +++ b/arch/x86/xen/grant-table.c
> @@ -161,12 +161,11 @@ static int __init xlated_setup_gnttab_pages(void)
>
> rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
> &xen_auto_xlat_grant_frames.vaddr);
> -
> - kfree(pages);
> if (rc) {
> pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
> nr_grant_frames, rc);
> free_xenballooned_pages(nr_grant_frames, pages);
> + kfree(pages);
> kfree(pfns);
> return rc;
> }
Actually it should also be freed on the success path, as so:
I can squash it in, if you are OK with that?
diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
index 103c93f..c985835 100644
--- a/arch/x86/xen/grant-table.c
+++ b/arch/x86/xen/grant-table.c
@@ -162,14 +162,15 @@ static int __init xlated_setup_gnttab_pages(void)
rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
&xen_auto_xlat_grant_frames.vaddr);
- kfree(pages);
if (rc) {
pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
nr_grant_frames, rc);
free_xenballooned_pages(nr_grant_frames, pages);
+ kfree(pages);
kfree(pfns);
return rc;
}
+ kfree(pages);
xen_auto_xlat_grant_frames.pfn = pfns;
xen_auto_xlat_grant_frames.count = nr_grant_frames;
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |