From patchwork Thu Sep 26 09:46:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Xia, Hongyan" X-Patchwork-Id: 11162205
From: To: Date: Thu, 26 Sep 2019 10:46:21 +0100 Message-ID: <6d79e6301ff15af71b21c64d10760abb9775b626.1569489002.git.hongyax@amazon.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk Subject: [Xen-devel] [RFC PATCH 58/84] x86/mm: fix leaks in map_xen_pagetable. X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Wei Liu , Hongyan Xia , George Dunlap , Andrew Cooper , Konrad Rzeszutek Wilk , Ian Jackson , Tim Deegan , Julien Grall , Jan Beulich , Volodymyr Babchuk , =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Hongyan Xia Not unmapping pages after map_xen_pagetable can leak the virtual address space over time. Also this fix makes vmap_to_mfn non-trivial to be a macro. There might be better options but move it into vmap.c for now. Signed-off-by: Hongyan Xia --- xen/arch/x86/mm.c | 5 +---- xen/common/vmap.c | 13 +++++++++++++ xen/include/asm-arm/mm.h | 2 -- xen/include/asm-x86/page.h | 2 -- xen/include/xen/vmap.h | 3 +++ 5 files changed, 17 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index b2b2edbed1..145c5ab47c 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -5160,6 +5160,7 @@ int map_pages_to_xen( !(l2e_get_flags(ol2e) & _PAGE_PSE) ) free_xen_pagetable(l2e_get_mfn(ol2e)); } + UNMAP_XEN_PAGETABLE(l2t); free_xen_pagetable(l2t_mfn); } } @@ -5225,7 +5226,6 @@ int map_pages_to_xen( l3e_write_atomic(pl3e, l3e_from_mfn(l2t_mfn, __PAGE_HYPERVISOR)); UNMAP_XEN_PAGETABLE(l2t); - l2t = NULL; } if ( locking ) spin_unlock(&map_pgdir_lock); @@ -5346,7 +5346,6 @@ int map_pages_to_xen( l2e_write_atomic(pl2e, l2e_from_mfn(l1t_mfn, __PAGE_HYPERVISOR)); UNMAP_XEN_PAGETABLE(l1t); - l1t = NULL; } if ( locking ) spin_unlock(&map_pgdir_lock); 
@@ -5589,7 +5588,6 @@ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int nf) { l3e_write_atomic(pl3e, l3e_from_mfn(mfn, __PAGE_HYPERVISOR)); UNMAP_XEN_PAGETABLE(l2t); - l2t = NULL; } if ( locking ) spin_unlock(&map_pgdir_lock); @@ -5657,7 +5655,6 @@ int modify_xen_mappings(unsigned long s, unsigned long e, unsigned int nf) l2e_write_atomic(pl2e, l2e_from_mfn(mfn, __PAGE_HYPERVISOR)); UNMAP_XEN_PAGETABLE(l1t); - l1t = NULL; } if ( locking ) spin_unlock(&map_pgdir_lock); diff --git a/xen/common/vmap.c b/xen/common/vmap.c index faebc1ddf1..fcdb8495c8 100644 --- a/xen/common/vmap.c +++ b/xen/common/vmap.c @@ -19,6 +19,19 @@ static unsigned int __read_mostly vm_end[VMAP_REGION_NR]; /* lowest known clear bit in the bitmap */ static unsigned int vm_low[VMAP_REGION_NR]; +mfn_t vmap_to_mfn(void *va) +{ + l1_pgentry_t *pl1e = virt_to_xen_l1e((unsigned long)(va)); + mfn_t ret = _mfn(l1e_get_pfn(*pl1e)); + unmap_xen_pagetable(pl1e); + return ret; +} + +struct page_info *vmap_to_page(void *va) +{ + return mfn_to_page(vmap_to_mfn(va)); +} + void __init vm_init_type(enum vmap_region type, void *start, void *end) { unsigned int i, nr; diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h index 262d92f18d..1b53429255 100644 --- a/xen/include/asm-arm/mm.h +++ b/xen/include/asm-arm/mm.h @@ -231,8 +231,6 @@ static inline void __iomem *ioremap_wc(paddr_t start, size_t len) #define gaddr_to_gfn(ga) _gfn(paddr_to_pfn(ga)) #define mfn_to_maddr(mfn) pfn_to_paddr(mfn_x(mfn)) #define maddr_to_mfn(ma) _mfn(paddr_to_pfn(ma)) -#define vmap_to_mfn(va) maddr_to_mfn(virt_to_maddr((vaddr_t)va)) -#define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va)) /* Page-align address and convert to frame number format */ #define paddr_to_pfn_aligned(paddr) paddr_to_pfn(PAGE_ALIGN(paddr)) diff --git a/xen/include/asm-x86/page.h b/xen/include/asm-x86/page.h index 906ec701a3..191de86bff 100644 --- a/xen/include/asm-x86/page.h +++ b/xen/include/asm-x86/page.h 
@@ -266,8 +266,6 @@ void copy_page_sse2(void *, const void *); #define pfn_to_paddr(pfn) __pfn_to_paddr(pfn) #define paddr_to_pfn(pa) __paddr_to_pfn(pa) #define paddr_to_pdx(pa) pfn_to_pdx(paddr_to_pfn(pa)) -#define vmap_to_mfn(va) _mfn(l1e_get_pfn(*virt_to_xen_l1e((unsigned long)(va)))) -#define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va)) #endif /* !defined(__ASSEMBLY__) */ diff --git a/xen/include/xen/vmap.h b/xen/include/xen/vmap.h index 369560e620..3d69727a9d 100644 --- a/xen/include/xen/vmap.h +++ b/xen/include/xen/vmap.h @@ -23,6 +23,9 @@ void *vmalloc_xen(size_t size); void *vzalloc(size_t size); void vfree(void *va); +mfn_t vmap_to_mfn(void *va); +struct page_info *vmap_to_page(void *va); + void __iomem *ioremap(paddr_t, size_t); static inline void iounmap(void __iomem *va)
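Review bot: The four xen/arch/x86/mm.c hunks that drop `l2t = NULL;` and `l1t = NULL;` after `UNMAP_XEN_PAGETABLE(...)` (at -5225 and -5346 in map_pages_to_xen, -5589 and -5655 in modify_xen_mappings) are not covered by the commit message and are separate from the leak being fixed. If the assignments are redundant because UNMAP_XEN_PAGETABLE already clears its argument, state that in the commit message, or fold the removals into the earlier patch of the series that introduced them. Of the mm.c changes, only the added `UNMAP_XEN_PAGETABLE(l2t);` ahead of `free_xen_pagetable(l2t_mfn);` in the -5160 hunk matches the subject line.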
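Review bot: In the new `vmap_to_mfn()` in the xen/common/vmap.c hunk, `pl1e` is dereferenced in `_mfn(l1e_get_pfn(*pl1e))` without checking what `virt_to_xen_l1e()` returned. The removed x86 macro had the same unchecked dereference, but now that this is a real function there is room for an `ASSERT(pl1e)` or an explicit check before the read, so that a failed lookup does not become a NULL dereference in hypervisor context. Smaller points on the same hunk: add a blank line between the declarations and `unmap_xen_pagetable(pl1e);`, drop the macro-style parentheses in `(unsigned long)(va)`, and consider taking `const void *va` since the function only reads the mapping.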
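Review bot: The xen/include/asm-arm/mm.h hunk removes the Arm definitions of `vmap_to_mfn(va)` and `vmap_to_page(va)`, which were built on `maddr_to_mfn(virt_to_maddr((vaddr_t)va))`, while the replacement added to common code in xen/common/vmap.c uses `l1_pgentry_t`, `virt_to_xen_l1e()` and `unmap_xen_pagetable()`, the same helpers the x86 macro relied on. Nothing in the visible hunks provides these for Arm, so this looks like it changes Arm behaviour at best and breaks the Arm build at worst. Suggest leaving the Arm macros in place and moving the new function into x86-specific code, or giving each architecture its own implementation behind the common declaration in xen/include/xen/vmap.h.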