Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2041691imm; Mon, 16 Jul 2018 00:43:37 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeevAyRiEZIjm+mlbUyLNRS+WzK4xIQxG3yVz/S43sfC4INXSwZcTiKWAZEJ37I0a6YabOz X-Received: by 2002:a63:161a:: with SMTP id w26-v6mr14864877pgl.257.1531727017507; Mon, 16 Jul 2018 00:43:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531727017; cv=none; d=google.com; s=arc-20160816; b=ffvQIS0alAaXq12dzbpz946P4MgWy8kLHI7idrHOR8Qzn4JPpb49Q1bysM7u+ppPH9 GDj1hLmB5gFzma6U5g1fJoJDZYh0amPCMSeiL7o5SFNnLvPhcPn7XHcNX9bJbGZfym+o uVIRxflz38Y5ndXpUKGsggxfu0SkdLb096YcXOvNdQ2UfovA4oDQexbccOMcRFp5nALC jqUyogAige/mruC7gS/AbF9Oek/1ozXPBjSC3Ev/SkRCwrU8MbjckIQMHoT6kN7INt4I /zf4Tajzx+Vd3yjJ2lNKqarPn+oS7K11GinrwqKbffLeGUbdcJuAxSD4xr/G+Q+ywf38 1fmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=GF1yijjTMHHV6XYribwpc6kGIHFb5Vj5gY+zCnJzh84=; b=qdmR2x8NXEeMSNrdTmGzp6scDUeiUEtM78svhU4A90WFqJWE8PHAfenM0pP6cybGvg RxYuxth27s5wX3N8qZ86h4XXmdtor8Sbhqs0HcasSl4zKdupKHVmTzsj4YUjnacWOB6C vOSTU0vsa7ZK8prrKv8/mrlHml28BiWUHCgC90hqWexlvkN0rJvYuMxqoijHYh72lpb1 NNzdshQm+lJLSSJm7P2UXSljvwkjfv8VahEmN1J63bV7TA2vj/un9fSO1MSLqu9BJj93 aZIpKqZiOgs5wjON008P5+aggRQ+AkkCzqs8HS51Zl9C8TjxK6avvumVOuFnsOE1rRia WJFw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u8-v6si30854040pfl.87.2018.07.16.00.43.22; Mon, 16 Jul 2018 00:43:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388863AbeGPIIw (ORCPT + 99 others); Mon, 16 Jul 2018 04:08:52 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:47856 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730161AbeGPIIv (ORCPT ); Mon, 16 Jul 2018 04:08:51 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id B8C42C03; Mon, 16 Jul 2018 07:42:48 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xavier Deguillard , Nadav Amit Subject: [PATCH 4.9 09/32] vmw_balloon: fix inflation with batching Date: Mon, 16 Jul 2018 09:36:17 +0200 Message-Id: <20180716073505.567136883@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180716073504.433996952@linuxfoundation.org> References: <20180716073504.433996952@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Nadav Amit commit 90d72ce079791399ac255c75728f3c9e747b093d upstream. Embarrassingly, the recent fix introduced worse problem than it solved, causing the balloon not to inflate. The VM informed the hypervisor that the pages for lock/unlock are sitting in the wrong address, as it used the page that is used the uninitialized page variable. Fixes: b23220fe054e9 ("vmw_balloon: fixing double free when batching mode is off") Cc: stable@vger.kernel.org Reviewed-by: Xavier Deguillard Signed-off-by: Nadav Amit Signed-off-by: Greg Kroah-Hartman --- drivers/misc/vmw_balloon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(s unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.lock[is_2m_pages]); @@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unloc unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.unlock[is_2m_pages]);