[PATCH] libxl: Fix Domain-0 ballooning logic

Jim Fehlig <jfehlig@xxxxxxxx> · Mon, 18 Sep 2023 11:16:23 -0600

When Domain-0 autoballooning is enabled, it's possible that memory may
need to be ballooned down in Domain-0 to accommodate the needs of another
virtual machine. libxlDomainFreeMemory handles this task, but due to a
logic bug is underflowing the variable containing Domain-0 new
target memory. The resulting huge numbers are filtered by
libxlSetMemoryTargetWrapper and memory is not changed.

Under the covers, libxlDomainFreeMemory uses Xen's libxl_set_memory_target
API, which includes a 'relative' parameter for specifying how to set the
target. If true, the target is an increment/decrement value over the
current memory, otherwise target is taken as an absolute value.
libxlDomainFreeMemory sets 'relative' to true, but never allows for
negative values by declaring the target memory variable as an unsigned.
Fix by declaring the variable as signed, which also requried adjusting
libxlSetMemoryTargetWrapper.

Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
 src/libxl/libxl_api_wrapper.h | 16 ++++++----------
 src/libxl/libxl_domain.c      |  2 +-
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/src/libxl/libxl_api_wrapper.h b/src/libxl/libxl_api_wrapper.h
index a9627f7983..c9582294cc 100644
--- a/src/libxl/libxl_api_wrapper.h
+++ b/src/libxl/libxl_api_wrapper.h
@@ -193,24 +193,20 @@ libxlSendTriggerWrapper(libxl_ctx *ctx,
 static inline int
 libxlSetMemoryTargetWrapper(libxl_ctx *ctx,
                         uint32_t domid,
-                        uint64_t target_memkb,
+                        int64_t target_memkb,
                         int relative,
                         int enforce)
 {
     int ret = -1;
 
-    /* Technically this guard could be LIBXL_HAVE_MEMKB_64BITS */
-#if LIBXL_API_VERSION < 0x040800
-    if (target_memkb < UINT_MAX) {
-        uint32_t val32 = target_memkb;
+#ifdef LIBXL_HAVE_MEMKB_64BITS
+    ret = libxl_set_memory_target(ctx, domid, target_memkb, relative, enforce);
+#else
+    if (target_memkb < INT_MAX) {
+        int32_t val32 = target_memkb;
 
         ret = libxl_set_memory_target(ctx, domid, val32, relative, enforce);
     }
-#else
-    if (target_memkb < LLONG_MAX) {
-        int64_t val64 = target_memkb;
-        ret = libxl_set_memory_target(ctx, domid, val64, relative, enforce);
-    }
 #endif
 
     return ret;
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 6c167df63e..0c4beffd6a 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -926,7 +926,7 @@ libxlDomainFreeMem(libxl_ctx *ctx, libxl_domain_config *d_config)
 {
     uint64_t needed_mem;
     uint64_t free_mem;
-    uint64_t target_mem;
+    int64_t target_mem;
     int tries = 3;
     int wait_secs = 10;
 
-- 
2.42.0








