public inbox for stable@vger.kernel.org
* [PATCH] KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
@ 2023-05-30 19:32 Oliver Upton
  2023-05-30 20:45 ` Yu Zhao
  2023-05-31  7:07 ` Marc Zyngier
  0 siblings, 2 replies; 3+ messages in thread
From: Oliver Upton @ 2023-05-30 19:32 UTC (permalink / raw)
  To: kvmarm
  Cc: Marc Zyngier, James Morse, Suzuki K Poulose, Zenghui Yu,
	Fuad Tabba, Will Deacon, Oliver Upton, stable, Yu Zhao

The reference count on page table allocations is increased for every
'counted' PTE (valid or donated) in the table in addition to the initial
reference from ->zalloc_page(). kvm_pgtable_stage2_free_removed() fails
to drop the last reference on the root of the table walk, meaning we
leak memory.

Fix it by dropping the last reference after the free walker returns,
at which point all references for 'counted' PTEs have been released.

Cc: stable@vger.kernel.org
Fixes: 5c359cca1faf ("KVM: arm64: Tear down unlinked stage-2 subtree after break-before-make")
Reported-by: Yu Zhao <yuzhao@google.com>
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
 arch/arm64/kvm/hyp/pgtable.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
index e1eacffbc41f..95dae02ccc2e 100644
--- a/arch/arm64/kvm/hyp/pgtable.c
+++ b/arch/arm64/kvm/hyp/pgtable.c
@@ -1332,4 +1332,7 @@ void kvm_pgtable_stage2_free_removed(struct kvm_pgtable_mm_ops *mm_ops, void *pg
 	};
 
 	WARN_ON(__kvm_pgtable_walk(&data, mm_ops, ptep, level + 1));
+
+	WARN_ON(mm_ops->page_count(pgtable) != 1);
+	mm_ops->put_page(pgtable);
 }
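Review bot: the added `WARN_ON(mm_ops->page_count(pgtable) != 1)` runs unconditionally, including when the preceding `WARN_ON(__kvm_pgtable_walk(...))` has already fired; a walk that returned an error may have left 'counted' PTE references on the root, so the count check will trip a second time and `mm_ops->put_page(pgtable)` then only drops one reference instead of freeing the page. That is the safe outcome (no double free, the original leak simply persists on that error path), but a one-line comment above `mm_ops->put_page(pgtable);` saying that the reference being dropped here is the initial one from ->zalloc_page(), as the commit message explains, would make the invariant visible to the next reader of this function.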

base-commit: 811154e234db72f0a11557a84ba9640f8b3bc823
-- 
2.41.0.rc0.172.g3f132b7071-goog



* Re: [PATCH] KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
  2023-05-30 19:32 [PATCH] KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed() Oliver Upton
@ 2023-05-30 20:45 ` Yu Zhao
  2023-05-31  7:07 ` Marc Zyngier
  1 sibling, 0 replies; 3+ messages in thread
From: Yu Zhao @ 2023-05-30 20:45 UTC (permalink / raw)
  To: Oliver Upton
  Cc: kvmarm, Marc Zyngier, James Morse, Suzuki K Poulose, Zenghui Yu,
	Fuad Tabba, Will Deacon, stable

On Tue, May 30, 2023 at 1:32 PM Oliver Upton <oliver.upton@linux.dev> wrote:
>
> The reference count on page table allocations is increased for every
> 'counted' PTE (valid or donated) in the table in addition to the initial
> reference from ->zalloc_page(). kvm_pgtable_stage2_free_removed() fails
> to drop the last reference on the root of the table walk, meaning we
> leak memory.
>
> Fix it by dropping the last reference after the free walker returns,
> at which point all references for 'counted' PTEs have been released.
>
> Cc: stable@vger.kernel.org
> Fixes: 5c359cca1faf ("KVM: arm64: Tear down unlinked stage-2 subtree after break-before-make")
> Reported-by: Yu Zhao <yuzhao@google.com>
> Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

Tested-by: Yu Zhao <yuzhao@google.com>


* Re: [PATCH] KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
  2023-05-30 19:32 [PATCH] KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed() Oliver Upton
  2023-05-30 20:45 ` Yu Zhao
@ 2023-05-31  7:07 ` Marc Zyngier
  1 sibling, 0 replies; 3+ messages in thread
From: Marc Zyngier @ 2023-05-31  7:07 UTC (permalink / raw)
  To: Oliver Upton, kvmarm
  Cc: Suzuki K Poulose, Zenghui Yu, Yu Zhao, Fuad Tabba, James Morse,
	Will Deacon, stable

On Tue, 30 May 2023 19:32:13 +0000, Oliver Upton wrote:
> The reference count on page table allocations is increased for every
> 'counted' PTE (valid or donated) in the table in addition to the initial
> reference from ->zalloc_page(). kvm_pgtable_stage2_free_removed() fails
> to drop the last reference on the root of the table walk, meaning we
> leak memory.
> 
> Fix it by dropping the last reference after the free walker returns,
> at which point all references for 'counted' PTEs have been released.

Applied to fixes, thanks!

[1/1] KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
      commit: f6a27d6dc51b288106adaf053cff9c9b9cc12c4e

Cheers,

	M.
-- 
Without deviation from the norm, progress is not possible.
