From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Tue, 23 Apr 2019 15:18:29 +0000 (+0100)
Subject: xen/timers: Fix memory leak with cpu unplug/plug (take 2)
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2292
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e978e9ed9e1ff0dc326e72708ed03cac2ba41db8;p=xen.git

xen/timers: Fix memory leak with cpu unplug/plug (take 2)

Previous attempts to fix this leak didn't identify the root cause, and
ultimately failed.  The cause is actually the CPU_UP_PREPARE case
(re)initialising ts->heap back to dummy_heap, which leaks the previous
allocation.

Rearrange the logic to only initialise ts once.  This also avoids the
redundant (but benign, due to ts->inactive always being empty) initialising of
the other ts fields.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/common/timer.c b/xen/common/timer.c
index 9ee500b3a7..c85273bf82 100644
--- a/xen/common/timer.c
+++ b/xen/common/timer.c
@@ -638,9 +638,13 @@ static int cpu_callback(
     switch ( action )
     {
     case CPU_UP_PREPARE:
-        INIT_LIST_HEAD(&ts->inactive);
-        spin_lock_init(&ts->lock);
-        ts->heap = dummy_heap;
+        /* Only initialise ts once. */
+        if ( !ts->heap )
+        {
+            INIT_LIST_HEAD(&ts->inactive);
+            spin_lock_init(&ts->lock);
+            ts->heap = dummy_heap;
+        }
         break;
 
     case CPU_UP_CANCELED: