On 05/23/2018 12:03 AM, Andrew Morton wrote:
On Tue, 22 May 2018 19:44:06 +0300 Andrey Ryabinin aryabinin@virtuozzo.com wrote:
Obviously we can't call vfree() to free memory that wasn't allocated via vmalloc(). Use find_vm_area() to see if we can call vfree().
Unfortunately it's a bit tricky to properly unmap and free shadow allocated during boot, so we'll have to keep it. If the memory comes online again, that shadow will be reused.
Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug")
Reported-by: Paul Menzel pmenzel+linux-kasan-dev@molgen.mpg.de
Signed-off-by: Andrey Ryabinin aryabinin@virtuozzo.com
Cc: stable@vger.kernel.org
This seems stuck in -mm. Andrew, can we proceed?
OK.
Should there be a code comment explaining the situation that Matthew asked about? It's rather obscure.
Ok. Here is my attempt to improve the situation. If something is still not clear, I'm open to suggestions.
From: Andrey Ryabinin aryabinin@virtuozzo.com
Subject: [PATCH] mm-kasan-dont-vfree-nonexistent-vm_area-fix
Improve comments.
Signed-off-by: Andrey Ryabinin aryabinin@virtuozzo.com
---
 mm/kasan/kasan.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c index 135ce2838c89..ea44dd0bc4e7 100644 --- a/mm/kasan/kasan.c +++ b/mm/kasan/kasan.c @@ -812,7 +812,7 @@ static bool shadow_mapped(unsigned long addr) /* * We can't use pud_large() or pud_huge(), the first one * is arch-specific, the last one depend on HUGETLB_PAGE. - * So let's abuse pud_bad(), if bud is bad it's has to + * So let's abuse pud_bad(), if pud is bad than it's bad * because it's huge. */ if (pud_bad(*pud)) @@ -871,9 +871,16 @@ static int __meminit kasan_mem_notifier(struct notifier_block *nb, struct vm_struct *vm;
/* - * Only hot-added memory have vm_area. Freeing shadow - * mapped during boot would be tricky, so we'll just - * have to keep it. + * shadow_start was either mapped during boot by kasan_init() + * or during memory online by __vmalloc_node_range(). + * In the latter case we can use vfree() to free shadow. + * Non-NULL result of the find_vm_area() will tell us if + * that was the second case. + * + * Currently it's not possible to free shadow mapped + * during boot by kasan_init(). It's because the code + * to do that hasn't been written yet. So we'll just + * leak the memory. */ vm = find_vm_area((void *)shadow_start); if (vm)
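Review bot: the replacement comment in the shadow_mapped() hunk still carries a grammar slip and reads circularly: "if pud is bad than it's bad because it's huge" uses "than" where "then" is meant, and "bad because it's huge" restates itself rather than telling the reader why a bad pud is treated as a mapping. Suggest "So let's abuse pud_bad(): if the pud is bad, it has to be because it's a huge mapping." so the intent (a huge pud counts as mapped shadow) is stated once and clearly.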
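Review bot: the new comment in kasan_mem_notifier() ends with "So we'll just leak the memory.", which contradicts the cover text's own explanation that the boot-time shadow is deliberately kept and reused if the memory comes online again; a reader of this comment alone would take it for an accidental leak. Suggest replacing that sentence with one that says the boot-mapped shadow stays in place and is reused on the next online of that range, and, if "the code to do that hasn't been written yet" is meant as an invitation, marking it as a TODO. The first half of the comment is good: it makes explicit that a non-NULL find_vm_area() result is what proves shadow_start came from __vmalloc_node_range() and therefore that vfree() is the correct release path, which is the guard the whole fix rests on.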