Received: by 10.192.165.148 with SMTP id m20csp536032imm;
        Wed, 25 Apr 2018 03:52:58 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49aEuFIjNihMSzEeSJaZy3JKvv+x1dgvswpZsWmbuVqDds2PyDTD3D2dLev6Gh06nxY7Sot
X-Received: by 2002:a17:902:6986:: with SMTP id l6-v6mr28655042plk.209.1524653578036;
        Wed, 25 Apr 2018 03:52:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524653578; cv=none;
        d=google.com; s=arc-20160816;
        b=v3XelrrH1LKrpQltvq43sQiqQZ3U+q8ndgRMnuhqueEF1bFRxjL/40vbTYxImUNg9F
         IQMn0aKQ16EJ6pfoToLbAaH1rw4kSe05AT/ytOnq/B1FyI1TZo2tndneKfD7h8ElI+1t
         gzgxT3Cer9OvJ5xg1+UdODuWCaAkUZGUhXtvGQD5dfbFbp+akVNOeLCZucjoRFjWjqKS
         UkCEuJnekPUOqr4Ad2l0u5605gWdr4AoZi/ggpUlfV0UBgVWw8hVQyFGrowsLmDAl4Fl
         ApXFSNIww6LOL7TrFMlFW12KsyC9llrVcorOm/jJ4KFaGxA8g6SiRVsBHiNZsAhlMKH6
         IVrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=9Vn0tKtc64cqJP/sJWIxcaGhuyOs1BQ/d/u/SBqwpC0=;
        b=dkitx+McLYQCWNHOFBzByP2LQB39lZG0QJFF29AbCDIwifIJcSMN89qDCcG7ee51Wh
         kCET0flrF6oDT2PJijmzMaYRFnlp7c90TLoSEOhiDiUovue93rtsusbzlxaCe4oeP3TZ
         zO7vvZBLmIg4KYFSIKAtwsACtAxJQB8G8pIfyLP1hoLvCCnpg04o/kgFK+Fw4aSBWvfL
         2R44MQmcY52oeW+Q7w+sPxbgY1ju93kYnMrIARlNYtquknE7mKJ2ZH0ZKkn2byf/C7jg
         gaJCccAoaiqlWI/OchhkuMV2S5Zod0n3/d3wkJk4Ep8EFpeB7GFR7tCU6ryt+x9vhCFQ
         osUA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o14-v6si16157003pli.13.2018.04.25.03.52.43;
        Wed, 25 Apr 2018 03:52:57 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754308AbeDYKoM (ORCPT <rfc822;ruroungkernel@gmail.com>
        + 99 others); Wed, 25 Apr 2018 06:44:12 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:53228 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754115AbeDYKoG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 25 Apr 2018 06:44:06 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id E7086272;
        Wed, 25 Apr 2018 10:44:05 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 164/183] powerpc/mm/hash64: Zero PGD pages on allocation
Date:   Wed, 25 Apr 2018 12:36:24 +0200
Message-Id: <20180425103249.115159030@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180425103242.532713678@linuxfoundation.org>
References: <20180425103242.532713678@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>


[ Upstream commit fc5c2f4a55a2c258e12013cdf287cf266dbcd2a7 ]

On powerpc we allocate page table pages from slab caches of different
sizes. Currently we have a constructor that zeroes out the objects when
we allocate them for the first time.

We expect the objects to be zeroed out when we free the the object
back to slab cache. This happens in the unmap path. For hugetlb pages
we call huge_pte_get_and_clear() to do that.

With the current configuration of page table size, both PUD and PGD
level tables are allocated from the same slab cache. At the PUD level,
we use the second half of the table to store the slot information. But
we never clear that when unmapping.

When such a freed object is then allocated for a PGD page, the second
half of the page table page will not be zeroed as expected. This
results in a kernel crash.

Fix it by always clearing PGD pages when they're allocated.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
[mpe: Change log wording and formatting, add whitespace]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/include/asm/book3s/64/pgalloc.h |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/arch/powerpc/include/asm/book3s/64/pgalloc.h
+++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h
@@ -73,10 +73,16 @@ static inline void radix__pgd_free(struc
 
 static inline pgd_t *pgd_alloc(struct mm_struct *mm)
 {
+	pgd_t *pgd;
+
 	if (radix_enabled())
 		return radix__pgd_alloc(mm);
-	return kmem_cache_alloc(PGT_CACHE(PGD_INDEX_SIZE),
-		pgtable_gfp_flags(mm, GFP_KERNEL));
+
+	pgd = kmem_cache_alloc(PGT_CACHE(PGD_INDEX_SIZE),
+			       pgtable_gfp_flags(mm, GFP_KERNEL));
+	memset(pgd, 0, PGD_TABLE_SIZE);
+
+	return pgd;
 }
 
 static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)