Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp641060imm; Mon, 2 Jul 2018 19:29:04 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIADLJoCZBvHVEEFXPnNL7eQhb7kCD/2FfLYY3JB5BPemOav63nAlueB2KTYSSzTd1NnL82 X-Received: by 2002:a65:4849:: with SMTP id i9-v6mr23802501pgs.350.1530584943945; Mon, 02 Jul 2018 19:29:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530584943; cv=none; d=google.com; s=arc-20160816; b=n8Wjhp0a8hjEuWhfqPH+4/rTH/uY2Ta0hVXIiCJm1HZdx37wI5AdW1qKt7iSq6LetS Pj4GbMymy7cBembp8baeT87h5ncMNg/SZYV/e1umjFsqMkfM7FeHn4irncFIeIroRbXO +f52kyfiIo20a66gdBjANesRj8y03ZNaGE3DNcUPHendcIftufgMJng7VmM9AmXu7Okq 9q0BDO0q+En6Kr0wi3nmiZN9qnI6aAx9ZxCbgbMd8jtpsOZTN8epvTROdeJeBHbWdhNA HiHFZne8yUbDPBZi28zpQfqBP4XGz5O8mvv87KpRPOB+ikqlvpyfUsjMep+Dq7lNYJPr Nhvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:arc-authentication-results; bh=Zi3wdoIZWqboVr73oqGsCyoMz8HVJgGsBgQ4Ym5A74Q=; b=d6e2c4h/u4uyRP1oepgWOhOlNvwFfmEmdgP/31zaOihONS5akekh/c6lfzVlWpINRc Lo9NomWBcnA3DP7gqnk62rcyISG70HWtr4d9xRatW0HF7UB+lTigU3yhMttf6+vTgCbM cvoDbJWBGhb19vVCNzmZ/7rqAhfN6Uf37zCr/1lvd+jk33I7otYnbTAcP3bi5ImP46eT 1g3VIBwS2IW2K+djq+eyVQ96sflQk0wDyMX6EVAE3IOHfPJvS70qb/LEdptBKAgvlTGt jH1wN1reIb5cy0vooZK6ehnO6DuhACcyUVsiFACRcEZV6ZkE9byEKrYrYBvCshq7gyHi wbOA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vmware.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n29-v6si3815pfg.227.2018.07.02.19.28.49; Mon, 02 Jul 2018 19:29:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vmware.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932535AbeGCC1V (ORCPT + 99 others); Mon, 2 Jul 2018 22:27:21 -0400 Received: from ex13-edg-ou-001.vmware.com ([208.91.0.189]:35328 "EHLO EX13-EDG-OU-001.vmware.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932381AbeGCC1U (ORCPT ); Mon, 2 Jul 2018 22:27:20 -0400 Received: from sc9-mailhost3.vmware.com (10.113.161.73) by EX13-EDG-OU-001.vmware.com (10.113.208.155) with Microsoft SMTP Server id 15.0.1156.6; Mon, 2 Jul 2018 19:27:17 -0700 Received: from htb-2n-eng-dhcp405.eng.vmware.com (unknown [10.33.114.36]) by sc9-mailhost3.vmware.com (Postfix) with ESMTP id 7395D4078A; Mon, 2 Jul 2018 19:27:19 -0700 (PDT) From: Nadav Amit To: Greg Kroah-Hartman CC: , Arnd Bergmann , , Nadav Amit , Subject: [PATCH] vmw_balloon: fix inflation with batching Date: Mon, 2 Jul 2018 19:27:13 -0700 Message-ID: <20180703022713.24345-1-namit@vmware.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain Received-SPF: None (EX13-EDG-OU-001.vmware.com: namit@vmware.com does not designate permitted sender hosts) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Embarrassingly, the recent fix introduced worse problem than it solved, causing the balloon not to inflate. The VM informed the hypervisor that the pages for lock/unlock are sitting in the wrong address, as it used the page that is used the uninitialized page variable. Fixes: b23220fe054e9 ("vmw_balloon: fixing double free when batching mode is off") Cc: stable@vger.kernel.org Reviewed-by: Xavier Deguillard Signed-off-by: Nadav Amit --- drivers/misc/vmw_balloon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index efd733472a35..56c6f79a5c5a 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(struct vmballoon *b, unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.lock[is_2m_pages]); @@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unlock(struct vmballoon *b, unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.unlock[is_2m_pages]); -- 2.17.1