[PATCH v2] hv: hv_balloon: avoid memory leak on alloc_error of 2MB memory block

KY Srinivasan kys at microsoft.com
Tue Nov 25 05:10:33 UTC 2014



> -----Original Message-----
> From: Dexuan Cui [mailto:decui at microsoft.com]
> Sent: Monday, November 24, 2014 8:33 PM
> To: gregkh at linuxfoundation.org; linux-kernel at vger.kernel.org; driverdev-
> devel at linuxdriverproject.org; olaf at aepfle.de; apw at canonical.com;
> jasowang at redhat.com; KY Srinivasan
> Cc: Haiyang Zhang
> Subject: [PATCH v2] hv: hv_balloon: avoid memory leak on alloc_error of
> 2MB memory block
> 
> If num_ballooned is not 0, we shouldn't neglect the already-partially-
> allocated 2MB memory block(s).
> 
> Cc: Jason Wang <jasowang at redhat.com>
> Cc: K. Y. Srinivasan <kys at microsoft.com>
> Signed-off-by: Dexuan Cui <decui at microsoft.com>

Signed-off-by: K. Y. Srinivasan <kys at microsoft.com>
> ---
> 
> v2: I fixed the logic error in v1, pointed by Jason Wang:
> 	In v1: in the case of partially-allocated 2MB, alloc_error is true,
> 	so we'll run "done = true" and hence we won't proceed with
> 	the next iteration of trying 4K allocation.
> 
>     I also changed the WARN_ON to WARN_ON_ONCE in case the host
> behavior
>     changes in the future.
> 
>  drivers/hv/hv_balloon.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c index
> 5e90c5d..b958ded 100644
> --- a/drivers/hv/hv_balloon.c
> +++ b/drivers/hv/hv_balloon.c
> @@ -1087,10 +1087,12 @@ static void balloon_up(struct work_struct
> *dummy)
>  	struct dm_balloon_response *bl_resp;
>  	int alloc_unit;
>  	int ret;
> -	bool alloc_error = false;
> +	bool alloc_error;
>  	bool done = false;
>  	int i;
> 
> +	/* The host balloons pages in 2M granularity. */
> +	WARN_ON_ONCE(num_pages % PAGES_IN_2M != 0);
> 
>  	/*
>  	 * We will attempt 2M allocations. However, if we fail to @@ -1107,16
> +1109,18 @@ static void balloon_up(struct work_struct *dummy)
> 
> 
>  		num_pages -= num_ballooned;
> +		alloc_error = false;
>  		num_ballooned = alloc_balloon_pages(&dm_device,
> num_pages,
>  						bl_resp, alloc_unit,
>  						 &alloc_error);
> 
> -		if ((alloc_error) && (alloc_unit != 1)) {
> +		if (alloc_unit != 1 && num_ballooned == 0) {
>  			alloc_unit = 1;
>  			continue;
>  		}
> 
> -		if ((alloc_error) || (num_ballooned == num_pages)) {
> +		if ((alloc_unit == 1 && alloc_error) ||
> +			(num_ballooned == num_pages)) {
>  			bl_resp->more_pages = 0;
>  			done = true;
>  			dm_device.state = DM_INITIALIZED;
> --
> 1.9.1



More information about the devel mailing list