diff options
| author | Marc Zyngier <marc.zyngier@arm.com> | 2017-12-07 06:45:45 -0500 |
|---|---|---|
| committer | Christoffer Dall <christoffer.dall@linaro.org> | 2017-12-18 04:53:23 -0500 |
| commit | 7839c672e58bf62da8f2f0197fefb442c02ba1dd (patch) | |
| tree | 8e65a53e308e23a09aa89399db03ea9edc10f697 /virt | |
| parent | bfe766cf65fb65e68c4764f76158718560bdcee5 (diff) | |
KVM: arm/arm64: Fix HYP unmapping going off limits
When we unmap the HYP memory, we try to be clever and unmap one
PGD at a time. If we start with a non-PGD aligned address and try
to unmap a whole PGD, things go horribly wrong in unmap_hyp_range
(addr and end can never match, and it all goes really badly as we
keep incrementing pgd and parse random memory as page tables...).
The obvious fix is to let unmap_hyp_range do what it does best,
which is to iterate over a range.
The size of the linear mapping, which begins at PAGE_OFFSET, can be
easily calculated by subtracting PAGE_OFFSET form high_memory, because
high_memory is defined as the linear map address of the last byte of
DRAM, plus one.
The size of the vmalloc region is given trivially by VMALLOC_END -
VMALLOC_START.
Cc: stable@vger.kernel.org
Reported-by: Andre Przywara <andre.przywara@arm.com>
Tested-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Diffstat (limited to 'virt')
| -rw-r--r-- | virt/kvm/arm/mmu.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index b36945d49986..b4b69c2d1012 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c | |||
| @@ -509,8 +509,6 @@ static void unmap_hyp_range(pgd_t *pgdp, phys_addr_t start, u64 size) | |||
| 509 | */ | 509 | */ |
| 510 | void free_hyp_pgds(void) | 510 | void free_hyp_pgds(void) |
| 511 | { | 511 | { |
| 512 | unsigned long addr; | ||
| 513 | |||
| 514 | mutex_lock(&kvm_hyp_pgd_mutex); | 512 | mutex_lock(&kvm_hyp_pgd_mutex); |
| 515 | 513 | ||
| 516 | if (boot_hyp_pgd) { | 514 | if (boot_hyp_pgd) { |
| @@ -521,10 +519,10 @@ void free_hyp_pgds(void) | |||
| 521 | 519 | ||
| 522 | if (hyp_pgd) { | 520 | if (hyp_pgd) { |
| 523 | unmap_hyp_range(hyp_pgd, hyp_idmap_start, PAGE_SIZE); | 521 | unmap_hyp_range(hyp_pgd, hyp_idmap_start, PAGE_SIZE); |
| 524 | for (addr = PAGE_OFFSET; virt_addr_valid(addr); addr += PGDIR_SIZE) | 522 | unmap_hyp_range(hyp_pgd, kern_hyp_va(PAGE_OFFSET), |
| 525 | unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); | 523 | (uintptr_t)high_memory - PAGE_OFFSET); |
| 526 | for (addr = VMALLOC_START; is_vmalloc_addr((void*)addr); addr += PGDIR_SIZE) | 524 | unmap_hyp_range(hyp_pgd, kern_hyp_va(VMALLOC_START), |
| 527 | unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); | 525 | VMALLOC_END - VMALLOC_START); |
| 528 | 526 | ||
| 529 | free_pages((unsigned long)hyp_pgd, hyp_pgd_order); | 527 | free_pages((unsigned long)hyp_pgd, hyp_pgd_order); |
| 530 | hyp_pgd = NULL; | 528 | hyp_pgd = NULL; |