The data buffer for an active map is allocated in alloc_active_ring and
freed in free_active_ring, which is currently used only for error
cleanup. pvcalls_front_release calls pvcalls_front_free_map, which
ends foreign access for this buffer but doesn't free the allocated pages.
Call free_active_ring to free all allocated resources.
Signed-off-by: Oleksii Moisieiev <[email protected]>
---
drivers/xen/pvcalls-front.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/xen/pvcalls-front.c b/drivers/xen/pvcalls-front.c
index 1826e8e67125..9b569278788a 100644
--- a/drivers/xen/pvcalls-front.c
+++ b/drivers/xen/pvcalls-front.c
@@ -225,6 +225,8 @@ static irqreturn_t pvcalls_front_event_handler(int irq, void *dev_id)
return IRQ_HANDLED;
}
+static void free_active_ring(struct sock_mapping *map);
+
static void pvcalls_front_free_map(struct pvcalls_bedata *bedata,
struct sock_mapping *map)
{
@@ -240,7 +242,7 @@ static void pvcalls_front_free_map(struct pvcalls_bedata *bedata,
for (i = 0; i < (1 << PVCALLS_RING_ORDER); i++)
gnttab_end_foreign_access(map->active.ring->ref[i], NULL);
gnttab_end_foreign_access(map->active.ref, NULL);
- free_page((unsigned long)map->active.ring);
+ free_active_ring(map);
kfree(map);
}
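Review bot: Nothing visible in this hunk establishes that the backend has released its grants before `free_active_ring(map)` returns the data pages to the allocator: the `gnttab_end_foreign_access()` calls above pass `NULL` for the page, so whether a grant that is still mapped keeps its page alive is decided in code outside the hunk. Until now those pages were leaked on release, as the description says, which wasted memory but presumably could not let a page the backend can still reach be reused; a short comment above the call such as `/* all grants on the ring and data pages were ended above */` would record the ordering the free relies on. It is also worth confirming that free_active_ring sizes the data buffer from `PVCALLS_RING_ORDER` and not from a field stored in the shared ring page, which is granted to the backend. pvcalls_front_free_map starts above the hunk, so the earlier part of the teardown is not visible here.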
--
2.25.1
On Tue, 20 Dec 2022, Oleksii Moisieiev wrote:
> Data buffer for active map is allocated in alloc_active_ring and freed
> in free_active_ring function, which is used only for the error
> cleanup. pvcalls_front_release is calling pvcalls_front_free_map which
> ends foreign access for this buffer, but doesn't free allocated pages.
> Call free_active_ring to clean all allocated resources.
>
> Signed-off-by: Oleksii Moisieiev <[email protected]>
Reviewed-by: Stefano Stabellini <[email protected]>
> ---
> drivers/xen/pvcalls-front.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/xen/pvcalls-front.c b/drivers/xen/pvcalls-front.c
> index 1826e8e67125..9b569278788a 100644
> --- a/drivers/xen/pvcalls-front.c
> +++ b/drivers/xen/pvcalls-front.c
> @@ -225,6 +225,8 @@ static irqreturn_t pvcalls_front_event_handler(int irq, void *dev_id)
> return IRQ_HANDLED;
> }
>
> +static void free_active_ring(struct sock_mapping *map);
> +
> static void pvcalls_front_free_map(struct pvcalls_bedata *bedata,
> struct sock_mapping *map)
> {
> @@ -240,7 +242,7 @@ static void pvcalls_front_free_map(struct pvcalls_bedata *bedata,
> for (i = 0; i < (1 << PVCALLS_RING_ORDER); i++)
> gnttab_end_foreign_access(map->active.ring->ref[i], NULL);
> gnttab_end_foreign_access(map->active.ref, NULL);
> - free_page((unsigned long)map->active.ring);
> + free_active_ring(map);
>
> kfree(map);
> }
> --
> 2.25.1
>
On 20.12.22 15:50, Oleksii Moisieiev wrote:
> Data buffer for active map is allocated in alloc_active_ring and freed
> in free_active_ring function, which is used only for the error
> cleanup. pvcalls_front_release is calling pvcalls_front_free_map which
> ends foreign access for this buffer, but doesn't free allocated pages.
> Call free_active_ring to clean all allocated resources.
>
> Signed-off-by: Oleksii Moisieiev <[email protected]>
Pushed to xen/tip.git for-linus-6.2
Juergen