On 05/23/2018 12:03 AM, Andrew Morton wrote:
> On Tue, 22 May 2018 19:44:06 +0300 Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx> wrote:
>
>>> Obviously we can't call vfree() to free memory that wasn't allocated via
>>> vmalloc(). Use find_vm_area() to see if we can call vfree().
>>>
>>> Unfortunately it's a bit tricky to properly unmap and free shadow allocated
>>> during boot, so we'll have to keep it. If memory will come online again
>>> that shadow will be reused.
>>>
>>> Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug")
>>> Reported-by: Paul Menzel <pmenzel+linux-kasan-dev@xxxxxxxxxxxxx>
>>> Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
>>> Cc: <stable@xxxxxxxxxxxxxxx>
>>> ---
>>
>> This seems stuck in -mm. Andrew, can we proceed?
>
> OK.
>
> Should there be a code comment explaining the situation that Matthew
> asked about? It's rather obscure.
>

Ok. Here is my attempt to improve the situation. If something is still not clear, I'm open to suggestions.

From: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Subject: [PATCH] mm-kasan-dont-vfree-nonexistent-vm_area-fix

Improve comments.

Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
---
 mm/kasan/kasan.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 135ce2838c89..ea44dd0bc4e7 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -812,7 +812,7 @@ static bool shadow_mapped(unsigned long addr) /* * We can't use pud_large() or pud_huge(), the first one * is arch-specific, the last one depend on HUGETLB_PAGE. - * So let's abuse pud_bad(), if bud is bad it's has to + * So let's abuse pud_bad(), if pud is bad than it's bad * because it's huge. */ if (pud_bad(*pud)) 
@@ -871,9 +871,16 @@ static int __meminit kasan_mem_notifier(struct notifier_block *nb, struct vm_struct *vm; /* - * Only hot-added memory have vm_area. Freeing shadow - * mapped during boot would be tricky, so we'll just - * have to keep it. + * shadow_start was either mapped during boot by kasan_init() + * or during memory online by __vmalloc_node_range(). + * In the latter case we can use vfree() to free shadow. + * Non-NULL result of the find_vm_area() will tell us if + * that was the second case. + * + * Currently it's not possible to free shadow mapped + * during boot by kasan_init(). It's because the code + * to do that hasn't been written yet. So we'll just + * leak the memory. */ vm = find_vm_area((void *)shadow_start); if (vm) -- 2.16.1
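Review bot: the replacement comment in the shadow_mapped() hunk (line 812) still reads awkwardly and carries a typo: "if pud is bad than it's bad because it's huge" should use "then", and "bad because it's huge" is circular. Since the point of this patch is to improve comments, consider stating the actual reasoning the surrounding lines imply, e.g. "pud_bad() returns true for a huge pud because it is not a page-table pointer; that is the case we want to treat as mapped", so a later reader does not have to rediscover why pud_bad() is being used as a huge-page check.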
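Review bot: the new comment in the kasan_mem_notifier() hunk (line 871) drops a fact the original comment and the cover text both state: shadow mapped during boot is not simply lost, it is reused if the same memory comes online again, so "we'll just leak the memory" overstates the cost and will mislead anyone auditing memory-hotplug for leaks. It also never says why the find_vm_area() check matters for safety, which is the bug this series fixes: calling vfree() on shadow that was not allocated through __vmalloc_node_range() is an invalid free. Suggested wording for the second paragraph: "Shadow mapped at boot by kasan_init() has no vm_area and must not be passed to vfree(); we currently have no code to unmap it, so it is kept and reused if the memory comes online again." Minor grammar in the first paragraph: "Non-NULL result of the find_vm_area()" reads better as "A non-NULL result from find_vm_area()".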