From patchwork Sat Jan 17 23:13:10 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Hao, Xudong" <xudong.hao@intel.com>
X-Patchwork-Id: 245793
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 60C562C00A7
	for <incoming@patchwork.ozlabs.org>;
	Thu, 23 May 2013 11:03:07 +1000 (EST)
Received: from localhost ([::1]:56467 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1UfJvt-00079W-Cm
	for incoming@patchwork.ozlabs.org; Wed, 22 May 2013 21:03:05 -0400
Received: from eggs.gnu.org ([208.118.235.92]:54106)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <xudong.hao@intel.com>) id 1UfJvR-0006uj-MZ
	for qemu-devel@nongnu.org; Wed, 22 May 2013 21:02:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <xudong.hao@intel.com>) id 1UfJvM-000708-J4
	for qemu-devel@nongnu.org; Wed, 22 May 2013 21:02:37 -0400
Received: from mga01.intel.com ([192.55.52.88]:42607)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <xudong.hao@intel.com>) id 1UfJvM-0006zL-C7
	for qemu-devel@nongnu.org; Wed, 22 May 2013 21:02:32 -0400
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
	by fmsmga101.fm.intel.com with ESMTP; 22 May 2013 18:02:30 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="4.87,724,1363158000"; d="scan'208";a="342018277"
Received: from xhao-dev.sh.intel.com (HELO localhost.localdomain)
	([10.239.48.48])
	by fmsmga002.fm.intel.com with ESMTP; 22 May 2013 18:02:29 -0700
From: Xudong Hao <xudong.hao@intel.com>
To: kvm@vger.kernel.org
Date: Sun, 18 Jan 2009 07:13:10 +0800
Message-Id: <1232233990-20383-1-git-send-email-xudong.hao@intel.com>
X-Mailer: git-send-email 1.5.5
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 192.55.52.88
Cc: pbonzini@redhat.com, Xudong Hao <xudong.hao@intel.com>,
	qemu-devel@nongnu.org, gleb@redhat.com
Subject: [Qemu-devel] [PATCH] qemu-kvm: fix unmatched RAM alloction/free
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

mmap is used in qemu_vmalloc function instead of qemu_memalign(commit
7dda5dc8), so it should change qemu_vfree to munmap to fix a unmatched
issue.

This issue appears when a PCI device is being assigned to KVM guest,
failure to read PCI rom file will bring RAM free, then the incorrect
qemu_vfree calling will cause a segment fault.

Signed-off-by: Xudong Hao <xudong.hao@intel.com>
---
 exec.c |    6 +-----
 1 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index fa1e0c3..d40d237 100644
--- a/exec.c
+++ b/exec.c
@@ -1152,15 +1152,11 @@ void qemu_ram_free(ram_addr_t addr)
                 abort();
 #endif
             } else {
-#if defined(TARGET_S390X) && defined(CONFIG_KVM)
-                munmap(block->host, block->length);
-#else
                 if (xen_enabled()) {
                     xen_invalidate_map_cache_entry(block->host);
                 } else {
-                    qemu_vfree(block->host);
+                    munmap(block->host, block->length);
                 }
-#endif
             }
             g_free(block);
             break;