Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'for-linus-urgent' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
"A selftests fix for ARM, and the fix for page reference count
underflow. This is a very small fix that was provided by Nick Piggin
and tested by myself"

* tag 'for-linus-urgent' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: do not allow mapping valid but non-reference-counted pages
KVM: selftests: Fix mapping length truncation in m{,un}map()

+19 -4
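--- a/tools/testing/selftests/kvm/set_memory_region_test.c
+++ b/tools/testing/selftests/kvm/set_memory_region_test.c
@@ -376,7 +376,7 @@
 	pr_info("Adding slots 0..%i, each memory region with %dK size\n",
 		(max_mem_slots - 1), MEM_REGION_SIZE >> 10);
 
-	mem = mmap(NULL, MEM_REGION_SIZE * max_mem_slots + alignment,
+	mem = mmap(NULL, (size_t)max_mem_slots * MEM_REGION_SIZE + alignment,
 		   PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 	TEST_ASSERT(mem != MAP_FAILED, "Failed to mmap() host");
 	mem_aligned = (void *)(((size_t) mem + alignment - 1) & ~(alignment - 1));
@@ -401,7 +401,7 @@
 	TEST_ASSERT(ret == -1 && errno == EINVAL,
 		    "Adding one more memory slot should fail with EINVAL");
 
-	munmap(mem, MEM_REGION_SIZE * max_mem_slots + alignment);
+	munmap(mem, (size_t)max_mem_slots * MEM_REGION_SIZE + alignment);
 	munmap(mem_extra, MEM_REGION_SIZE);
 	kvm_vm_free(vm);
 }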
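Review bot: The mapping length `(size_t)max_mem_slots * MEM_REGION_SIZE + alignment` is now spelled out twice, once in the `mmap()` call and once in the matching `munmap()`, so the two can drift apart again the next time either is edited. Computing it once, `const size_t mem_len = (size_t)max_mem_slots * MEM_REGION_SIZE + alignment;`, and passing `mem_len` to both calls keeps the mapped and unmapped ranges identical by construction. The enclosing test function starts outside both hunks, so where the declaration belongs is not visible here.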
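--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2055,6 +2055,13 @@
 	return true;
 }
 
+static int kvm_try_get_pfn(kvm_pfn_t pfn)
+{
+	if (kvm_is_reserved_pfn(pfn))
+		return 1;
+	return get_page_unless_zero(pfn_to_page(pfn));
+}
+
 static int hva_to_pfn_remapped(struct vm_area_struct *vma,
 			       unsigned long addr, bool *async,
 			       bool write_fault, bool *writable,
@@ -2104,13 +2111,21 @@
 	 * Whoever called remap_pfn_range is also going to call e.g.
 	 * unmap_mapping_range before the underlying pages are freed,
 	 * causing a call to our MMU notifier.
+	 *
+	 * Certain IO or PFNMAP mappings can be backed with valid
+	 * struct pages, but be allocated without refcounting e.g.,
+	 * tail pages of non-compound higher order allocations, which
+	 * would then underflow the refcount when the caller does the
+	 * required put_page. Don't allow those pages here.
 	 */
-	kvm_get_pfn(pfn);
+	if (!kvm_try_get_pfn(pfn))
+		r = -EFAULT;
 
 out:
 	pte_unmap_unlock(ptep, ptl);
 	*p_pfn = pfn;
-	return 0;
+
+	return r;
 }
 
 /*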
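Review bot: When `kvm_try_get_pfn()` refuses the page, `r` becomes -EFAULT but control still falls through `out:` and `*p_pfn = pfn` hands the caller the raw pfn for which no reference was taken. That is safe only if every caller tests the return value before touching `*p_pfn`, and the callers are not visible in this hunk, so it is worth stating at the store: `/* On -EFAULT *p_pfn is an unreferenced pfn; callers must test r first. */`. The new helper also deserves a one-line comment on its return convention, e.g. `/* Returns nonzero if the pfn may be used; reserved pfns pass without taking a reference. */`, because the later put path has to match that asymmetry. `hva_to_pfn_remapped()` begins before the second hunk and `r` is declared outside it.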