diff options
| author | Dave Hansen <dave.hansen@linux.intel.com> | 2018-08-02 18:58:26 -0400 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2018-08-05 16:21:02 -0400 |
| commit | 0d83432811f26871295a9bc24d3c387924da6071 (patch) | |
| tree | 9f7ca9f756134a6ac3ad00f5c289597a6b860cb6 | |
| parent | eac7073aa69aa1cac819aa712146284f53f642b1 (diff) | |
mm: Allow non-direct-map arguments to free_reserved_area()
free_reserved_area() takes pointers as arguments to show which addresses
should be freed. However, it does this in a somewhat ambiguous way. If it
gets a kernel direct map address, it always works. However, if it gets an
address that is part of the kernel image alias mapping, it can fail.
It fails if all of the following happen:
* The specified address is part of the kernel image alias
* Poisoning is requested (forcing a memset())
* The address is in a read-only portion of the kernel image
The memset() fails on the read-only mapping, of course.
free_reserved_area() *is* called both on the direct map and on kernel image
alias addresses. We've just lucked out thus far that the kernel image
alias areas it gets used on are read-write. I'm fairly sure this has been
just a happy accident.
It is quite easy to make free_reserved_area() work for all cases: just
convert the address to a direct map address before doing the memset(), and
do this unconditionally. There is little chance of a regression here
because we previously did a virt_to_page() on the address for the memset,
so we know these are not highmem pages for which virt_to_page() would fail.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: keescook@google.com
Cc: aarcange@redhat.com
Cc: jgross@suse.com
Cc: jpoimboe@redhat.com
Cc: gregkh@linuxfoundation.org
Cc: peterz@infradead.org
Cc: hughd@google.com
Cc: torvalds@linux-foundation.org
Cc: bp@alien8.de
Cc: luto@kernel.org
Cc: ak@linux.intel.com
Cc: Kees Cook <keescook@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>
Link: https://lkml.kernel.org/r/20180802225826.1287AE3E@viggo.jf.intel.com
| -rw-r--r-- | mm/page_alloc.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/mm/page_alloc.c b/mm/page_alloc.c index a790ef4be74e..3222193c46c6 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c | |||
| @@ -6939,9 +6939,21 @@ unsigned long free_reserved_area(void *start, void *end, int poison, char *s) | |||
| 6939 | start = (void *)PAGE_ALIGN((unsigned long)start); | 6939 | start = (void *)PAGE_ALIGN((unsigned long)start); |
| 6940 | end = (void *)((unsigned long)end & PAGE_MASK); | 6940 | end = (void *)((unsigned long)end & PAGE_MASK); |
| 6941 | for (pos = start; pos < end; pos += PAGE_SIZE, pages++) { | 6941 | for (pos = start; pos < end; pos += PAGE_SIZE, pages++) { |
| 6942 | struct page *page = virt_to_page(pos); | ||
| 6943 | void *direct_map_addr; | ||
| 6944 | |||
| 6945 | /* | ||
| 6946 | * 'direct_map_addr' might be different from 'pos' | ||
| 6947 | * because some architectures' virt_to_page() | ||
| 6948 | * work with aliases. Getting the direct map | ||
| 6949 | * address ensures that we get a _writeable_ | ||
| 6950 | * alias for the memset(). | ||
| 6951 | */ | ||
| 6952 | direct_map_addr = page_address(page); | ||
| 6942 | if ((unsigned int)poison <= 0xFF) | 6953 | if ((unsigned int)poison <= 0xFF) |
| 6943 | memset(pos, poison, PAGE_SIZE); | 6954 | memset(direct_map_addr, poison, PAGE_SIZE); |
| 6944 | free_reserved_page(virt_to_page(pos)); | 6955 | |
| 6956 | free_reserved_page(page); | ||
| 6945 | } | 6957 | } |
| 6946 | 6958 | ||
| 6947 | if (pages && s) | 6959 | if (pages && s) |