Subject: Re: [PATCH v1 3/4] arm64: Fix the page leak in pud/pmd_set_huge
To: Chintan Pandya, catalin.marinas@arm.com, will.deacon@arm.com, arnd@arndb.de
Cc: mark.rutland@arm.com, ard.biesheuvel@linaro.org, james.morse@arm.com, kristina.martsenko@arm.com, takahiro.akashi@linaro.org, gregkh@linuxfoundation.org, tglx@linutronix.de, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, akpm@linux-foundation.org, toshi.kani@hpe.com
From: Marc Zyngier
Date: Wed, 14 Mar 2018 10:35:55 +0000

On 14/03/18 08:48, Chintan Pandya wrote:
> While setting huge page, we need to take care of
> previously existing next level mapping. Since,
> we are going to overwrite previous mapping, the
> only reference to next level page table will get
> lost and the next level page table will be zombie,
> occupying space forever. So, free it before
> overriding.
>
> Signed-off-by: Chintan Pandya
> --- > arch/arm64/mm/mmu.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c > index 8c704f1..c0df264 100644 > --- a/arch/arm64/mm/mmu.c > +++ b/arch/arm64/mm/mmu.c > @@ -32,7 +32,7 @@ > #include > #include > #include > - > +#include > #include > #include > #include > @@ -45,6 +45,7 @@ > #include > #include > #include > +#include > > #define NO_BLOCK_MAPPINGS BIT(0) > #define NO_CONT_MAPPINGS BIT(1) > @@ -939,6 +940,9 @@ int pud_set_huge(pud_t *pudp, phys_addr_t phys, pgprot_t prot) > return 0; > > BUG_ON(phys & ~PUD_MASK); > + if (pud_val(*pud) && !pud_huge(*pud)) > + free_page((unsigned long)__va(pud_val(*pud))); > +

This is absolutely scary. Isn't this page still referenced in the page tables (assuming patch 4 has been applied too)?

> set_pud(pudp, pfn_pud(__phys_to_pfn(phys), sect_prot)); > return 1; > }
> @@ -953,6 +957,9 @@ int pmd_set_huge(pmd_t *pmdp, phys_addr_t phys, pgprot_t prot) > return 0; > > BUG_ON(phys & ~PMD_MASK); > + if (pmd_val(*pmd) && !pmd_huge(*pmd)) > + free_page((unsigned long)__va(pmd_val(*pmd))); > + > set_pmd(pmdp, pfn_pmd(__phys_to_pfn(phys), sect_prot)); > return 1; > } >

Thanks,

M.
--
Jazz is not dead. It just smells funny...
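
Review bot: In the pud_set_huge() hunk, free_page() runs before set_pud() replaces the entry, and nothing in the hunk clears the entry or invalidates the TLB first, so the next-level table is handed back to the allocator while the page tables still point at it and a walk can still reach it. Clear the entry, invalidate the TLB for the covered range, and only then free the table. free_page() also releases only the single page the entry points to, so any further tables referenced from that page stay leaked.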
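
Review bot: In the pmd_set_huge() hunk, the added check dereferences pmd, but the function's parameter is pmdp and the set_pmd() call below uses pmdp; nothing in the visible lines declares pmd (the pud_set_huge() hunk has the same mismatch between pud and pudp). Read the entry once from pmdp into a local and test that. The value passed to __va() is the raw pmd_val(), which still carries the descriptor's attribute bits; derive the table address with those bits masked off, for example with pmd_page_paddr().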