virtio_balloon: fix race by fill and leak
During my compaction-related stuff, I encountered a bug with ballooning. With repeated inflating and deflating cycle, guest memory( ie, cat /proc/meminfo | grep MemTotal) is decreased and couldn't be recovered. The reason is balloon_lock doesn't cover release_pages_balloon so struct virtio_balloon fields could be overwritten by race of fill_balloon(e,g, vb->*pfns could be critical). This patch fixes it in my test. Cc: <stable@vger.kernel.org> Signed-off-by: Minchan Kim <minchan@kernel.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
parent
779a6a3696
commit
f68b992bbb
|
@ -209,8 +209,8 @@ static unsigned leak_balloon(struct virtio_balloon *vb, size_t num)
|
|||
*/
|
||||
if (vb->num_pfns != 0)
|
||||
tell_host(vb, vb->deflate_vq);
|
||||
mutex_unlock(&vb->balloon_lock);
|
||||
release_pages_balloon(vb);
|
||||
mutex_unlock(&vb->balloon_lock);
|
||||
return num_freed_pages;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue