alistair23-linux/arch/x86/mm
Dan Williams 10dcb79ec7 x86/mm: Fix leak of pmd ptlock
commit d1c5246e08 upstream.

Commit

  28ee90fe60 ("x86/mm: implement free pmd/pte page interfaces")

introduced a new location where a pmd was released, but neglected to
run the pmd page destructor. In fact, this happened previously for a
different pmd release path and was fixed by commit:

  c283610e44 ("x86, mm: do not leak page->ptl for pmd page tables").

This issue was hidden until recently because the failure mode is silent,
but commit:

  b2b29d6d01 ("mm: account PMD tables like PTE tables")

turns the failure mode into this signature:

 BUG: Bad page state in process lt-pmem-ns  pfn:15943d
 page:000000007262ed7b refcount:0 mapcount:-1024 mapping:0000000000000000 index:0x0 pfn:0x15943d
 flags: 0xaffff800000000()
 raw: 00affff800000000 dead000000000100 0000000000000000 0000000000000000
 raw: 0000000000000000 ffff913a029bcc08 00000000fffffbff 0000000000000000
 page dumped because: nonzero mapcount
 [..]
  dump_stack+0x8b/0xb0
  bad_page.cold+0x63/0x94
  free_pcp_prepare+0x224/0x270
  free_unref_page+0x18/0xd0
  pud_free_pmd_page+0x146/0x160
  ioremap_pud_range+0xe3/0x350
  ioremap_page_range+0x108/0x160
  __ioremap_caller.constprop.0+0x174/0x2b0
  ? memremap+0x7a/0x110
  memremap+0x7a/0x110
  devm_memremap+0x53/0xa0
  pmem_attach_disk+0x4ed/0x530 [nd_pmem]
  ? __devm_release_region+0x52/0x80
  nvdimm_bus_probe+0x85/0x210 [libnvdimm]

Given this is a repeat occurrence it seemed prudent to look for other
places where this destructor might be missing and whether a better
helper is needed. try_to_free_pmd_page() looks like a candidate, but
testing with setting up and tearing down pmd mappings via the dax unit
tests is thus far not triggering the failure.

As for a better helper, pmd_free() is close, but it is a messy fit
due to requiring an @mm arg. Also, ___pmd_free_tlb() wants to call
paravirt_tlb_remove_table() instead of free_page(), so open-coded
pgtable_pmd_page_dtor() seems the best way forward for now.

Debugged together with Matthew Wilcox <willy@infradead.org>.

Fixes: 28ee90fe60 ("x86/mm: implement free pmd/pte page interfaces")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Yi Zhang <yi.zhang@redhat.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/160697689204.605323.17629854984697045602.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-01-12 20:16:22 +01:00
Makefile treewide: prefix header search paths with $(srctree)/ 2019-05-18 11:49:57 +09:00
amdtopology.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
cpu_entry_area.c x86/pti/32: Calculate the various PTI cpu_entry_area sizes correctly, make the CPU_ENTRY_AREA_PAGES assert precise 2019-11-29 10:10:00 +01:00
debug_pagetables.c x86: mm: no need to check return value of debugfs_create functions 2019-06-03 16:18:12 +02:00
dump_pagetables.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
extable.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
fault.c x86/mm: split vmalloc_sync_all() 2020-03-25 08:25:58 +01:00
highmem_32.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
hugetlbpage.c mm: simplify MEMORY_ISOLATION && COMPACTION || CMA into CONTIG_ALLOC 2019-05-14 09:47:47 -07:00
ident_map.c x86/mm/ident_map: Check for errors from ident_pud_init() 2020-12-30 11:51:02 +01:00
init.c x86/mm: Stop printing BRK addresses 2020-06-22 09:31:08 +02:00
init_32.c mm/memory_hotplug: shrink zones when offlining memory 2020-01-09 10:19:56 +01:00
init_64.c mm/memory_hotplug: shrink zones when offlining memory 2020-01-09 10:19:56 +01:00
iomap_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ioremap.c x86/ioremap: Fix CONFIG_EFI=n build 2020-04-01 11:01:59 +02:00
kasan_init_64.c x86/kasan: Fix boot with 5-level paging and KASAN 2019-06-14 16:37:30 +02:00
kaslr.c x86/mm/KASLR: Compute the size of the vmemmap section properly 2019-06-07 23:12:13 +02:00
kmmio.c x86/mm/kmmio: Make the tracer robust against L1TF 2018-08-08 22:28:34 +02:00
mem_encrypt.c fs/core/vmcore: Move sev_active() reference to x86 arch code 2019-08-09 22:52:10 +10:00
mem_encrypt_boot.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mem_encrypt_identity.c x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP 2020-12-16 10:56:58 +01:00
mm_internal.h x86/mm: Do not use set_{pud, pmd}_safe() when splitting a large page 2019-05-08 19:08:35 +02:00
mmap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
mmio-mod.c x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables 2020-06-07 13:18:51 +02:00
mpx.c signal: Remove task parameter from force_sig 2019-05-27 09:36:28 -05:00
numa.c x86/mm: Fix cpumask_of_node() error condition 2019-09-05 13:03:04 +02:00
numa_32.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
numa_64.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
numa_emulation.c x86, fakenuma: Fix invalid starting node ID 2020-09-09 19:12:28 +02:00
numa_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pageattr-test.c x86/mm/cpa: Simplify the code after making cpa->vaddr invariant 2018-12-17 18:54:25 +01:00
pageattr.c x86/mm/cpa: Flush direct map alias during cpa 2020-05-27 17:46:32 +02:00
pat.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
pat_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pat_rbtree.c augmented rbtree: add new RB_DECLARE_CALLBACKS_MAX macro 2019-09-25 17:51:39 -07:00
pf_in.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pf_in.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pgtable.c x86/mm: Fix leak of pmd ptlock 2021-01-12 20:16:22 +01:00
pgtable_32.c x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() 2018-02-15 01:15:52 +01:00
physaddr.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
physaddr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pkeys.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
pti.c x86/mm/pti: Do not invoke PTI functions when PTI is disabled 2019-08-29 20:52:53 +02:00
setup_nx.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
srat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
testmmiotrace.c x86/mmiotrace: Lock down the testmmiotrace module 2019-08-19 21:54:16 -07:00
tlb.c x86/membarrier: Get rid of a dubious optimization 2020-12-16 10:56:59 +01:00