[Qemu-devel] [PATCH] virtio-balloon: free pbp more aggressively

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] virtio-balloon: free pbp more aggressively

From:	Michael S. Tsirkin
Subject:	[Qemu-devel] [PATCH] virtio-balloon: free pbp more aggressively
Date:	Thu, 25 Jul 2019 07:59:17 -0400

Previous patches switched to a temporary pbp but that does not go far
enough: after device uses a buffer, guest is free to reuse it, so
tracking the page and freeing it later is wrong.

Free and reset the pbp after we push each element.

Fixes: ed48c59875b6 ("virtio-balloon: Safely handle BALLOON_PAGE_SIZE < host 
page size")
Cc: address@hidden #v4.0.0
Cc: David Hildenbrand <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
 hw/virtio/virtio-balloon.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index fe9664e42c..460a702463 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -39,13 +39,14 @@ typedef struct PartiallyBalloonedPage {
     unsigned long *bitmap;
 } PartiallyBalloonedPage;
 
-static void virtio_balloon_pbp_free(PartiallyBalloonedPage *pbp)
+static void virtio_balloon_pbp_free(PartiallyBalloonedPage **pbp)
 {
-    if (!pbp) {
+    if (!*pbp) {
         return;
     }
-    g_free(pbp->bitmap);
-    g_free(pbp);
+    g_free(*pbp->bitmap);
+    g_free(*pbp);
+    *pbp = NULL;
 }
 
 static PartiallyBalloonedPage *virtio_balloon_pbp_alloc(ram_addr_t base_gpa,
@@ -108,8 +109,7 @@ static void balloon_inflate_page(VirtIOBalloon *balloon,
         /* We've partially ballooned part of a host page, but now
          * we're trying to balloon part of a different one.  Too hard,
          * give up on the old partial page */
-        virtio_balloon_pbp_free(*pbp);
-        *pbp = NULL;
+        virtio_balloon_pbp_free(pbp);
     }
 
     if (!*pbp) {
@@ -127,8 +127,7 @@ static void balloon_inflate_page(VirtIOBalloon *balloon,
         /* We ignore errors from ram_block_discard_range(), because it
          * has already reported them, and failing to discard a balloon
          * page is not fatal */
-        virtio_balloon_pbp_free(*pbp);
-        *pbp = NULL;
+        virtio_balloon_pbp_free(pbp);
     }
 }
 
@@ -379,9 +378,8 @@ static void virtio_balloon_handle_output(VirtIODevice 
*vdev, VirtQueue *vq)
         virtqueue_push(vq, elem, offset);
         virtio_notify(vdev, vq);
         g_free(elem);
+        virtio_balloon_pbp_free(&pbp);
     }
-
-    virtio_balloon_pbp_free(pbp);
 }
 
 static void virtio_balloon_receive_stats(VirtIODevice *vdev, VirtQueue *vq)
-- 
MST

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] virtio-balloon: free pbp more aggressively, Michael S. Tsirkin <=
- Re: [Qemu-devel] [PATCH] virtio-balloon: free pbp more aggressively, David Hildenbrand, 2019/07/25

Prev by Date: Re: [Qemu-devel] [PATCH-for-4.1 v4 6/7] virtio-balloon: Use temporary PBP only
Next by Date: [Qemu-devel] [PATCH v2] Fixes: add read-zeroes to 051.out
Previous by thread: [Qemu-devel] [PATCH-for-4.1 v4 0/7] virtio-balloon: fixes
Next by thread: Re: [Qemu-devel] [PATCH] virtio-balloon: free pbp more aggressively
Index(es):
- Date
- Thread