Changeset View
Changeset View
Standalone View
Standalone View
head/sysutils/xen-tools/files/xsa160-4.6.patch
| Property | Old Value | New Value |
|---|---|---|
| fbsd:nokeywords | null | yes \ No newline at end of property |
| From adcbd15b1aec8367f790774c998db199c9b577bf Mon Sep 17 00:00:00 2001 | |||||
| From: Ian Jackson <ian.jackson@eu.citrix.com> | |||||
| Date: Wed, 18 Nov 2015 15:34:54 +0000 | |||||
| Subject: [PATCH] libxl: Fix bootloader-related virtual memory leak on pv | |||||
| build failure | |||||
| The bootloader may call libxl__file_reference_map(), which mmap's the | |||||
| pv_kernel and pv_ramdisk into process memory. This was only unmapped, | |||||
| however, on the success path of libxl__build_pv(). If there were a | |||||
| failure anywhere between libxl_bootloader.c:parse_bootloader_result() | |||||
| and the end of libxl__build_pv(), the calls to | |||||
| libxl__file_reference_unmap() would be skipped, leaking the mapped | |||||
| virtual memory. | |||||
| Ideally this would be fixed by adding the unmap calls to the | |||||
| destruction path for libxl__domain_build_state. Unfortunately the | |||||
| lifetime of the libxl__domain_build_state is opaque, and it doesn't | |||||
| have a proper destruction path. But, the only thing in it that isn't | |||||
| from the gc are these bootloader references, and they are only ever | |||||
| set for one libxl__domain_build_state, the one which is | |||||
| libxl__domain_create_state.build_state. | |||||
| So we can clean up in the exit path from libxl__domain_create_*, which | |||||
| always comes through domcreate_complete. | |||||
| Remove the now-redundant unmaps in libxl__build_pv's success path. | |||||
| This is XSA-160. | |||||
| Signed-off-by: George Dunlap <george.dunlap@citrix.com> | |||||
| Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> | |||||
| Tested-by: George Dunlap <george.dunlap@citrix.com> | |||||
| Acked-by: Ian Campbell <ian.campbell@citrix.com> | |||||
| --- | |||||
| tools/libxl/libxl_create.c | 3 +++ | |||||
| tools/libxl/libxl_dom.c | 3 --- | |||||
| 2 files changed, 3 insertions(+), 3 deletions(-) | |||||
| diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c | |||||
| index f5771da..278b9ed 100644 | |||||
| --- a/tools/libxl/libxl_create.c | |||||
| +++ b/tools/libxl/libxl_create.c | |||||
| @@ -1484,6 +1484,9 @@ static void domcreate_complete(libxl__egc *egc, | |||||
| libxl_domain_config *const d_config = dcs->guest_config; | |||||
| libxl_domain_config *d_config_saved = &dcs->guest_config_saved; | |||||
| + libxl__file_reference_unmap(&dcs->build_state.pv_kernel); | |||||
| + libxl__file_reference_unmap(&dcs->build_state.pv_ramdisk); | |||||
| + | |||||
| if (!rc && d_config->b_info.exec_ssidref) | |||||
| rc = xc_flask_relabel_domain(CTX->xch, dcs->guest_domid, d_config->b_info.exec_ssidref); | |||||
| diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c | |||||
| index 8019f4e..2da3ac4 100644 | |||||
| --- a/tools/libxl/libxl_dom.c | |||||
| +++ b/tools/libxl/libxl_dom.c | |||||
| @@ -750,9 +750,6 @@ int libxl__build_pv(libxl__gc *gc, uint32_t domid, | |||||
| state->store_mfn = xc_dom_p2m_host(dom, dom->xenstore_pfn); | |||||
| } | |||||
| - libxl__file_reference_unmap(&state->pv_kernel); | |||||
| - libxl__file_reference_unmap(&state->pv_ramdisk); | |||||
| - | |||||
| ret = 0; | |||||
| out: | |||||
| xc_dom_release(dom); | |||||
| -- | |||||
| 1.7.10.4 | |||||