Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2039173imm; Mon, 16 Jul 2018 00:39:59 -0700 (PDT) X-Google-Smtp-Source: AAOMgpf7p0KXwDijfK0dM+kNuw+PhP2WAUUPpK6HAqluyhgfJ8HZwo3JStPU6d80rrJ+BiXTBRUS X-Received: by 2002:a17:902:2f84:: with SMTP id t4-v6mr15650369plb.24.1531726799643; Mon, 16 Jul 2018 00:39:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531726799; cv=none; d=google.com; s=arc-20160816; b=tV+/WZFzcbsRwspbOTqbLTbDMZCQ48hmfsFUQ7zACniekNKCvW7AOeHvKG9OVLHHEZ +D1CYvQyYkm0fkFbSB5ZAoNpmMPF1uz+sHS28gI3GiS41cKuYxG4p0oZq+1Q6Yo6+ZRR B5GF6iJMfwEGDFyfWMiec9rL7tS83aYKvExjljBhR6dNvraPr1UHbA0NGDyMrXfUnKJp lixQnWMM1h1w60uGOKwLObDTmrxcPMfVE/DcQI/Yff94DmaTFBR7Q3GrC5dBAimW81Oj UiJlFASUNQ2XKGbCIMzrhZevsGfrV3eI5RO8NH4vqTaXBH894va/6Ra9tA4BdXER6x2y Y/KQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=+FXG9u63xT8BeQWv64PoL2+rJNa8c3JUaBligMGizBA=; b=vy7UPjmBxx+NQ3tIVDC53jpfQWs6QS2u/AAQVTgmIIxtYDXG6JxyJ+xFf5+lSyJ7b7 UyzJrCSh7l6WWYO9/lKPieGxzpRqbvB6pRDkOte8zA5g8r619SAumNkTKLWaSRREnNdr MoBFlTxstfxwhnhTtdgxFtX//YQuKqifv/uHhXhulS3rZfc4BVMaHMiGyiX8rGGVYiMd 8ZW8qDdSYRb97+dIYzN4yglb/8FVtkTC9BALJVmTTdG++Vv3RvnErO7vpFiELOIASl/y 9XVIl60CIQv0jyMqPP26Ho1//l5Ty3QuUIOsSDVN6nP32EsRvg9ya8DxVRoWQspHIzXW KVXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o4-v6si28906772pgb.279.2018.07.16.00.39.44; Mon, 16 Jul 2018 00:39:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731994AbeGPIDu (ORCPT + 99 others); Mon, 16 Jul 2018 04:03:50 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:46774 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728460AbeGPIDt (ORCPT ); Mon, 16 Jul 2018 04:03:49 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id A4EF0C03; Mon, 16 Jul 2018 07:37:48 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xavier Deguillard , Nadav Amit Subject: [PATCH 4.17 20/67] vmw_balloon: fix inflation with batching Date: Mon, 16 Jul 2018 09:34:49 +0200 Message-Id: <20180716073446.256595404@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180716073443.294323458@linuxfoundation.org> References: <20180716073443.294323458@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.17-stable review patch. If anyone has any objections, please let me know. ------------------ From: Nadav Amit commit 90d72ce079791399ac255c75728f3c9e747b093d upstream. Embarrassingly, the recent fix introduced worse problem than it solved, causing the balloon not to inflate. The VM informed the hypervisor that the pages for lock/unlock are sitting in the wrong address, as it used the page that is used the uninitialized page variable. Fixes: b23220fe054e9 ("vmw_balloon: fixing double free when batching mode is off") Cc: stable@vger.kernel.org Reviewed-by: Xavier Deguillard Signed-off-by: Nadav Amit Signed-off-by: Greg Kroah-Hartman --- drivers/misc/vmw_balloon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(s unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.lock[is_2m_pages]); @@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unloc unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.unlock[is_2m_pages]);