Xen project Mailing List

[Xen-devel] [PATCH v1] xen_disk: fix memory leak

From: Olaf Hering <olaf@xxxxxxxxx>

Date: Tue, 11 Dec 2018 17:02:24 +0100

Cc: Kevin Wolf <kwolf@xxxxxxxxxx>, Olaf Hering <olaf@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "open list:Block layer core" <qemu-block@xxxxxxxxxx>, Max Reitz <mreitz@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, "open list:X86" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 11 Dec 2018 16:02:34 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

There are some code paths that clobber ioreq->buf, which leads to a huge memory leak after a few hours of runtime. One code path is qemu_aio_complete, which might be called recursive. Another one is ioreq_reset, which might clobber ioreq->buf as well. Add wrappers to free ioreq->buf before reassignment. Signed-off-by: Olaf Hering <olaf@xxxxxxxxx> --- hw/block/xen_disk.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c index 36eff94f84..e15eefe625 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -103,12 +103,24 @@ struct XenBlkDev { /* ------------------------------------------------------------- */ +static void ioreq_buf_alloc(struct ioreq *ioreq, size_t alignment) +{ + if (ioreq->buf) + qemu_vfree(ioreq->buf); + ioreq->buf = qemu_memalign(XC_PAGE_SIZE, ioreq->size); +} +static void ioreq_buf_free(struct ioreq *ioreq) +{ + if (ioreq->buf) + qemu_vfree(ioreq->buf); + ioreq->buf = NULL; +} static void ioreq_reset(struct ioreq *ioreq) { + ioreq_buf_free(ioreq); memset(&ioreq->req, 0, sizeof(ioreq->req)); ioreq->status = 0; ioreq->start = 0; - ioreq->buf = NULL; ioreq->size = 0; ioreq->presync = 0; @@ -315,14 +327,14 @@ static void qemu_aio_complete(void *opaque, int ret) if (ret == 0) { ioreq_grant_copy(ioreq); } - qemu_vfree(ioreq->buf); + ioreq_buf_free(ioreq); break; case BLKIF_OP_WRITE: case BLKIF_OP_FLUSH_DISKCACHE: if (!ioreq->req.nr_segments) { break; } - qemu_vfree(ioreq->buf); + ioreq_buf_free(ioreq); break; default: break; @@ -390,12 +402,12 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq) { struct XenBlkDev *blkdev = ioreq->blkdev; - ioreq->buf = qemu_memalign(XC_PAGE_SIZE, ioreq->size); + ioreq_buf_alloc(ioreq, XC_PAGE_SIZE); if (ioreq->req.nr_segments && (ioreq->req.operation == BLKIF_OP_WRITE || ioreq->req.operation == BLKIF_OP_FLUSH_DISKCACHE) && ioreq_grant_copy(ioreq)) { - qemu_vfree(ioreq->buf); + ioreq_buf_free(ioreq); goto err; } _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.