From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH] qemu-kvm: fix unmatched RAM alloction/free
Date: Thu, 23 May 2013 13:13:29 -0400 (EDT)
Message-ID: <12651812.6747454.1369329209342.JavaMail.root@redhat.com>
References: <1232233990-20383-1-git-send-email-xudong.hao@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, gleb@redhat.com, qemu-devel@nongnu.org
To: Xudong Hao <xudong.hao@intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx3-phx2.redhat.com ([209.132.183.24]:55782 "EHLO
	mx3-phx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1758108Ab3EWRNv (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 23 May 2013 13:13:51 -0400
In-Reply-To: <1232233990-20383-1-git-send-email-xudong.hao@intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

> mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
> 7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
> issue.
> 
> This issue appears when a PCI device is being assigned to KVM guest,
> failure to read PCI rom file will bring RAM free, then the incorrect
> qemu_vfree calling will cause a segment fault.
> 
> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> ---
>  exec.c |    6 +-----
>  1 files changed, 1 insertions(+), 5 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index fa1e0c3..d40d237 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1152,15 +1152,11 @@ void qemu_ram_free(ram_addr_t addr)
>                  abort();
>  #endif
>              } else {
> -#if defined(TARGET_S390X) && defined(CONFIG_KVM)
> -                munmap(block->host, block->length);
> -#else
>                  if (xen_enabled()) {
>                      xen_invalidate_map_cache_entry(block->host);
>                  } else {
> -                    qemu_vfree(block->host);
> +                    munmap(block->host, block->length);
>                  }
> -#endif
>              }
>              g_free(block);
>              break;

Just "git pull". :)  This is very similar to commit e7a09b9 (osdep: introduce
qemu_anon_ram_free to free qemu_anon_ram_alloc-ed memory, 2013-05-13)

Paolo

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:56877)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1UfZ5Q-00016b-32
	for qemu-devel@nongnu.org; Thu, 23 May 2013 13:14:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1UfZ5L-0002el-3W
	for qemu-devel@nongnu.org; Thu, 23 May 2013 13:13:56 -0400
Received: from mx3-phx2.redhat.com ([209.132.183.24]:47731)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1UfZ5K-0002eV-Qa
	for qemu-devel@nongnu.org; Thu, 23 May 2013 13:13:51 -0400
Date: Thu, 23 May 2013 13:13:29 -0400 (EDT)
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <12651812.6747454.1369329209342.JavaMail.root@redhat.com>
In-Reply-To: <1232233990-20383-1-git-send-email-xudong.hao@intel.com>
References: <1232233990-20383-1-git-send-email-xudong.hao@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] qemu-kvm: fix unmatched RAM alloction/free
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Xudong Hao <xudong.hao@intel.com>
Cc: gleb@redhat.com, kvm@vger.kernel.org, qemu-devel@nongnu.org

> mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
> 7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
> issue.
> 
> This issue appears when a PCI device is being assigned to KVM guest,
> failure to read PCI rom file will bring RAM free, then the incorrect
> qemu_vfree calling will cause a segment fault.
> 
> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> ---
>  exec.c |    6 +-----
>  1 files changed, 1 insertions(+), 5 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index fa1e0c3..d40d237 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1152,15 +1152,11 @@ void qemu_ram_free(ram_addr_t addr)
>                  abort();
>  #endif
>              } else {
> -#if defined(TARGET_S390X) && defined(CONFIG_KVM)
> -                munmap(block->host, block->length);
> -#else
>                  if (xen_enabled()) {
>                      xen_invalidate_map_cache_entry(block->host);
>                  } else {
> -                    qemu_vfree(block->host);
> +                    munmap(block->host, block->length);
>                  }
> -#endif
>              }
>              g_free(block);
>              break;

Just "git pull". :)  This is very similar to commit e7a09b9 (osdep: introduce
qemu_anon_ram_free to free qemu_anon_ram_alloc-ed memory, 2013-05-13)

Paolo