From: Oliver Upton oliver.upton@linux.dev
commit f6a27d6dc51b288106adaf053cff9c9b9cc12c4e upstream.
The reference count on page table allocations is increased for every 'counted' PTE (valid or donated) in the table in addition to the initial reference from ->zalloc_page(). kvm_pgtable_stage2_free_removed() fails to drop the last reference on the root of the table walk, meaning we leak memory.
Fix it by dropping the last reference after the free walker returns, at which point all references for 'counted' PTEs have been released.
Cc: stable@vger.kernel.org Fixes: 5c359cca1faf ("KVM: arm64: Tear down unlinked stage-2 subtree after break-before-make") Reported-by: Yu Zhao yuzhao@google.com Signed-off-by: Oliver Upton oliver.upton@linux.dev Tested-by: Yu Zhao yuzhao@google.com Signed-off-by: Marc Zyngier maz@kernel.org Link: https://lore.kernel.org/r/20230530193213.1663411-1-oliver.upton@linux.dev Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- arch/arm64/kvm/hyp/pgtable.c | 3 +++ 1 file changed, 3 insertions(+)
--- a/arch/arm64/kvm/hyp/pgtable.c +++ b/arch/arm64/kvm/hyp/pgtable.c @@ -1333,4 +1333,7 @@ void kvm_pgtable_stage2_free_removed(str };
WARN_ON(__kvm_pgtable_walk(&data, mm_ops, ptep, level + 1)); + + WARN_ON(mm_ops->page_count(pgtable) != 1); + mm_ops->put_page(pgtable); }