From 5faf7c1455b0edf96a563ab08461f62fdb19395a Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov
Date: Wed, 1 Oct 2014 15:35:36 +0200
Subject: [PATCH] libxc: fix mmap leak in xc_unmap_domain_meminfo/xc_map_domain_meminfo

xc_unmap_domain_meminfo uses P2M_FLL_ENTRIES macro instead of P2M_FL_ENTRIES. Moreover, P2M_FL_ENTRIES macro uses (dinfo->p2m_size) which is always 0 here as we don't initialize it. The result is that we always unmap just 1 frame. xc_map_domain_meminfo uses P2M_FLL_ENTRIES macro instead of P2M_FL_ENTRIES on failure path. The issue went unnoticed mostly because we use unmap_domain_meminfo and xc_map_domain_meminfo in one-shot xen-mfndump and xen-hptool (through xc_exchange_page()) tools. When used is long-running apps (e.g. in xl) domains become zombies after their death.

Signed-off-by: Vitaly Kuznetsov
Acked-by: Ian Campbell
---
 tools/libxc/xc_domain.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tools/libxc/xc_domain.c b/tools/libxc/xc_domain.c
index 6e0e3552de..a9bcd4a0bf 100644
--- a/tools/libxc/xc_domain.c
+++ b/tools/libxc/xc_domain.c
@@ -1838,12 +1838,13 @@ int xc_domain_bind_pt_isa_irq(
 int xc_unmap_domain_meminfo(xc_interface *xch, struct xc_domain_meminfo *minfo)
 {
- struct domain_info_context _di = { .guest_width = minfo->guest_width };
+ struct domain_info_context _di = { .guest_width = minfo->guest_width,
+ .p2m_size = minfo->p2m_size};
 struct domain_info_context *dinfo = &_di;
 free(minfo->pfn_type);
 if ( minfo->p2m_table )
- munmap(minfo->p2m_table, P2M_FLL_ENTRIES * PAGE_SIZE);
+ munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE);
 minfo->p2m_table = NULL;
 return 0;
@@ -1954,7 +1955,7 @@ failed:
 }
 if ( minfo->p2m_table )
 {
- munmap(minfo->p2m_table, P2M_FLL_ENTRIES * PAGE_SIZE);
+ munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE);
 minfo->p2m_table = NULL;
 }
-- 
2.30.2
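Review bot: The result of munmap() in xc_unmap_domain_meminfo is still discarded and the function returns 0 unconditionally, so if the computed length is ever wrong again the mapping of foreign pages stays in place with no trace, which is the same leak this commit fixes. I would at least report the failure, e.g. `if ( munmap(minfo->p2m_table, P2M_FL_ENTRIES * PAGE_SIZE) ) PERROR("munmap of p2m_table failed");`, and the same applies to the munmap() on the `failed:` path in the second hunk. The length also depends on the local `dinfo` that P2M_FL_ENTRIES reads implicitly, so a comment on the initializer would help: `/* P2M_FL_ENTRIES reads dinfo->p2m_size; it must match the value used when p2m_table was mapped */`. The function's closing brace is outside the hunk.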
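Review bot: On the `failed:` path the unmap length is only correct if `dinfo->p2m_size` in xc_map_domain_meminfo already holds the value that sized the mapping at every point that can jump here with `p2m_table` set. Neither the setup of `dinfo` nor the mapping call is visible in this hunk, so this ordering should be confirmed against the full function, which starts and ends outside the hunk. If it holds, a short comment such as `/* dinfo->p2m_size is set before p2m_table is mapped, so P2M_FL_ENTRIES matches the mapped length */` would record the invariant the macro relies on.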