Re: [PATCH] mm/kasan: Don't vfree() nonexistent vm_area.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 05/23/2018 12:03 AM, Andrew Morton wrote:
> On Tue, 22 May 2018 19:44:06 +0300 Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx> wrote:
> 
>>> Obviously we can't call vfree() to free memory that wasn't allocated via
>>> vmalloc(). Use find_vm_area() to see if we can call vfree().
>>>
>>> Unfortunately it's a bit tricky to properly unmap and free shadow allocated
>>> during boot, so we'll have to keep it. If memory will come online again
>>> that shadow will be reused.
>>>
>>> Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug")
>>> Reported-by: Paul Menzel <pmenzel+linux-kasan-dev@xxxxxxxxxxxxx>
>>> Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
>>> Cc: <stable@xxxxxxxxxxxxxxx>
>>> ---
>>
>> This seems stuck in -mm. Andrew, can we proceed?
> 
> OK.
> 
> Should there be a code comment explaining the situation that Matthew
> asked about?  It's rather obscure.
> 

Ok. Here is my attempt to improve the situation. If something is still not clear,
I'm open to suggestions.



From: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Subject: [PATCH] mm-kasan-dont-vfree-nonexistent-vm_area-fix

Improve comments.

Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
---
 mm/kasan/kasan.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 135ce2838c89..ea44dd0bc4e7 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -812,7 +812,7 @@ static bool shadow_mapped(unsigned long addr)
 	/*
 	 * We can't use pud_large() or pud_huge(), the first one
 	 * is arch-specific, the last one depend on HUGETLB_PAGE.
-	 * So let's abuse pud_bad(), if bud is bad it's has to
+	 * So let's abuse pud_bad(), if pud is bad than it's bad
 	 * because it's huge.
 	 */
 	if (pud_bad(*pud))
@@ -871,9 +871,16 @@ static int __meminit kasan_mem_notifier(struct notifier_block *nb,
 		struct vm_struct *vm;
 
 		/*
-		 * Only hot-added memory have vm_area. Freeing shadow
-		 * mapped during boot would be tricky, so we'll just
-		 * have to keep it.
+		 * shadow_start was either mapped during boot by kasan_init()
+		 * or during memory online by __vmalloc_node_range().
+		 * In the latter case we can use vfree() to free shadow.
+		 * Non-NULL result of the find_vm_area() will tell us if
+		 * that was the second case.
+		 *
+		 * Currently it's not possible to free shadow mapped
+		 * during boot by kasan_init(). It's because the code
+		 * to do that hasn't been written yet. So we'll just
+		 * leak the memory.
 		 */
 		vm = find_vm_area((void *)shadow_start);
 		if (vm)
-- 
2.16.1




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux