summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schwidefsky <schwidefsky@de.ibm.com>2011-10-30 15:16:08 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2011-11-11 09:36:08 -0800
commitcd1ee66bb5156203711560ee73b00e70bb8450b5 (patch)
treeafa56c9e28806fa34e550dc300f34e3bcba86cbd
parent0a85ef94c2af8630deb851e559c9d3bdf5530802 (diff)
downloadlwn-cd1ee66bb5156203711560ee73b00e70bb8450b5.tar.gz
lwn-cd1ee66bb5156203711560ee73b00e70bb8450b5.zip
memory leak with RCU_TABLE_FREE
commit e73b7fffe487c315fd1a4fa22282e3362b440a06 upstream. The rcu page table free code uses a couple of bits in the page table pointer passed to tlb_remove_table to discern the different page table types. __tlb_remove_table extracts the type with an incorrect mask which leads to memory leaks. The correct mask is ((FRAG_MASK << 4) | FRAG_MASK). Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--arch/s390/mm/pgtable.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
index 37a23c223705..458893f5f6b8 100644
--- a/arch/s390/mm/pgtable.c
+++ b/arch/s390/mm/pgtable.c
@@ -291,8 +291,9 @@ void page_table_free_rcu(struct mmu_gather *tlb, unsigned long *table)
void __tlb_remove_table(void *_table)
{
- void *table = (void *)((unsigned long) _table & PAGE_MASK);
- unsigned type = (unsigned long) _table & ~PAGE_MASK;
+ const unsigned long mask = (FRAG_MASK << 4) | FRAG_MASK;
+ void *table = (void *)((unsigned long) _table & ~mask);
+ unsigned type = (unsigned long) _table & mask;
if (type)
__page_table_free_rcu(table, type);