diff options
| author | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2011-10-30 15:16:08 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-11-11 09:43:22 -0800 |
| commit | 4dc17f0c422d685fb1e31e5cb6762bc1322843b0 (patch) | |
| tree | 598c8858d2d7fb7877aa1c5acc8b1714946fdb53 /arch/s390/mm | |
| parent | 98ef836b07bd10dec2b07d2c11a6357f7909f978 (diff) | |
| download | lwn-4dc17f0c422d685fb1e31e5cb6762bc1322843b0.tar.gz lwn-4dc17f0c422d685fb1e31e5cb6762bc1322843b0.zip | |
memory leak with RCU_TABLE_FREE
commit e73b7fffe487c315fd1a4fa22282e3362b440a06 upstream.
The rcu page table free code uses a couple of bits in the page table
pointer passed to tlb_remove_table to discern the different page table
types. __tlb_remove_table extracts the type with an incorrect mask which
leads to memory leaks. The correct mask is ((FRAG_MASK << 4) | FRAG_MASK).
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'arch/s390/mm')
| -rw-r--r-- | arch/s390/mm/pgtable.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c index 5d56c2b95b14..529a08838376 100644 --- a/arch/s390/mm/pgtable.c +++ b/arch/s390/mm/pgtable.c @@ -662,8 +662,9 @@ void page_table_free_rcu(struct mmu_gather *tlb, unsigned long *table) void __tlb_remove_table(void *_table) { - void *table = (void *)((unsigned long) _table & PAGE_MASK); - unsigned type = (unsigned long) _table & ~PAGE_MASK; + const unsigned long mask = (FRAG_MASK << 4) | FRAG_MASK; + void *table = (void *)((unsigned long) _table & ~mask); + unsigned type = (unsigned long) _table & mask; if (type) __page_table_free_rcu(table, type); |