From: Ronny Hegewald Date: Tue, 27 Nov 2012 14:13:39 +0000 (+0000) Subject: libxl: fix a variable underflow in libxl_wait_for_free_memory X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7614 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=b98cd5c1b5a6f81a4ee3ac76800fa390dc91cea1;p=xen.git libxl: fix a variable underflow in libxl_wait_for_free_memory When xl is called to create a domU and there is not enough memory available, then the autoballooning is called to extract memory from dom0. During the ballooning a loop in libxl_wait_for_free_memory() waits unless enough memory is available to create the domU. But because of a variable-underflow the loop can finish too soon and xl finally aborts with the message: xc: error: panic: xc_dom_boot.c:161: xc_dom_boot_mem_init: can't allocate low memory for domain: Out of memory libxl: error: libxl_dom.c:430:libxl__build_pv: xc_dom_boot_mem_init failed: Device or resource busy libxl: error: libxl_create.c:901:domcreate_rebuild_done: cannot (re-)build domain: -3 The variable-underflow happens when freemem_slack is larger then info.free_pages*4, because the solution of this operation is converted implicit to a unsigned int to match the type of memory_kb. Add a extra check for this condition to solve the problem. Signed-off-by: Ronny Hegewald Acked-by: Ian Campbell Committed-by: Ian Campbell --- diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index de75ee0f25..6c77556cd5 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -3764,7 +3764,8 @@ int libxl_wait_for_free_memory(libxl_ctx *ctx, uint32_t domid, uint32_t rc = libxl_get_physinfo(ctx, &info); if (rc < 0) goto out; - if (info.free_pages * 4 - freemem_slack >= memory_kb) { + if (info.free_pages * 4 >= freemem_slack && + info.free_pages * 4 - freemem_slack >= memory_kb) { rc = 0; goto out; }