balloon_page_dequeue() can return NULL. If it does for the first page
being freed, then leak_balloon() will create a scatter list with len=0,
which in turn seems to generate an invalid virtio request.
I didn't get this in practice; I found it by code review. On the other
hand, such an invalid virtio request will cause errors in QEMU, and
fill_balloon() also performs the same check implemented by this commit.
This bug was introduced in
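The failure mode the commit message describes, as an added example that is not the kernel's own code: a deliberately simplified model in which `struct balloon`, `struct host_request`, `dequeue_pages()`, `fill()` and the two `leak_balloon_*()` variants are hypothetical stand-ins for the driver's state and for `balloon_page_dequeue()` / `tell_host()`. The "unchecked" variant tells the host unconditionally, so an empty balloon yields a request whose scatterlist length is 0; the "checked" variant applies the guard the commit adds, skipping `tell_host()` when no page was dequeued. The three-page scenario in `main()` is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PFNS 16

/* Stand-in for a struct page: only the frame number matters here. */
struct page {
	unsigned long pfn;
};

/* Hypothetical balloon state (not the kernel's struct virtio_balloon):
 * a stack of ballooned pages plus the pfn array that one deflate
 * request would hand to the host. */
struct balloon {
	struct page *pages[MAX_PFNS];
	unsigned int nr_pages;
	unsigned long pfns[MAX_PFNS];
	unsigned int num_pfns;
};

/* Record of the last request "sent" to the host. sg_len mirrors the
 * scatterlist length, sizeof(pfn) * num_pfns, so it is 0 when no page
 * was dequeued: the invalid request the commit message describes. */
struct host_request {
	bool submitted;
	size_t sg_len;
};

/* Model of balloon_page_dequeue(): NULL once the balloon is empty. */
static struct page *balloon_page_dequeue(struct balloon *vb)
{
	if (vb->nr_pages == 0)
		return NULL;
	return vb->pages[--vb->nr_pages];
}

/* Model of tell_host(): would build a scatterlist over vb->pfns and
 * queue it; here it only records what would have been sent. */
static void tell_host(struct balloon *vb, struct host_request *req)
{
	req->submitted = true;
	req->sg_len = sizeof(vb->pfns[0]) * vb->num_pfns;
}

/* Shared dequeue loop: stop at the first NULL, return pages collected. */
static unsigned int dequeue_pages(struct balloon *vb, unsigned int num)
{
	vb->num_pfns = 0;
	while (vb->num_pfns < num && vb->num_pfns < MAX_PFNS) {
		struct page *page = balloon_page_dequeue(vb);

		if (!page)
			break;
		vb->pfns[vb->num_pfns++] = page->pfn;
	}
	return vb->num_pfns;
}

/* Before the fix: the host is told unconditionally, so an empty balloon
 * produces a request whose scatterlist entry has len=0. */
static unsigned int leak_balloon_unchecked(struct balloon *vb, unsigned int num,
					   struct host_request *req)
{
	unsigned int n = dequeue_pages(vb, num);

	tell_host(vb, req);
	return n;
}

/* After the fix: only tell the host if at least one page was dequeued,
 * the same guard fill_balloon() already applies on the inflate path. */
static unsigned int leak_balloon_checked(struct balloon *vb, unsigned int num,
					 struct host_request *req)
{
	unsigned int n = dequeue_pages(vb, num);

	if (n != 0)
		tell_host(vb, req);
	return n;
}

/* Constructed scenario helper: push n pages into the balloon. */
static void fill(struct balloon *vb, struct page *pages, unsigned int n)
{
	vb->nr_pages = 0;
	for (unsigned int i = 0; i < n; i++)
		vb->pages[vb->nr_pages++] = &pages[i];
}

int main(void)
{
	struct page pages[3] = { { 0x100 }, { 0x101 }, { 0x102 } };
	struct balloon vb = { 0 };
	struct host_request req = { false, 0 };

	fill(&vb, pages, 3);
	leak_balloon_unchecked(&vb, 8, &req);
	printf("3 pages, unchecked: submitted=%d sg_len=%zu\n", req.submitted, req.sg_len);
	req.submitted = false;
	leak_balloon_unchecked(&vb, 8, &req);	/* balloon is now empty */
	printf("empty, unchecked:   submitted=%d sg_len=%zu\n", req.submitted, req.sg_len);
	req.submitted = false;
	leak_balloon_checked(&vb, 8, &req);
	printf("empty, checked:     submitted=%d\n", req.submitted);
	return 0;
}
```

Run it and the second line shows a submitted request with `sg_len=0`, which is the zero-length scatterlist the commit message warns about; the third line shows the checked variant skipping the request entirely, matching what the commit adds to leak_balloon().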