提交 adeb2590 编写于 作者: J Jiang Liu 提交者: David Woodhouse

iommu/vt-d: fix memory leakage caused by commit ea8ea460

Commit ea8ea460 "iommu/vt-d: Clean up and fix page table clear/free
behaviour" introduces possible leakage of DMA page tables due to:
        for (pte = page_address(pg); !first_pte_in_page(pte); pte++) {
                if (dma_pte_present(pte) && !dma_pte_superpage(pte))
                        freelist = dma_pte_list_pagetables(domain, level - 1,
                                                           pte, freelist);
        }

For the first pte in a page, first_pte_in_page(pte) will always be true,
thus dma_pte_list_pagetables() will never be called and leak DMA page
tables if level is bigger than 1.
Signed-off-by: NJiang Liu <jiang.liu@linux.intel.com>
Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
上级 7713ec06
...@@ -1009,11 +1009,13 @@ static struct page *dma_pte_list_pagetables(struct dmar_domain *domain, ...@@ -1009,11 +1009,13 @@ static struct page *dma_pte_list_pagetables(struct dmar_domain *domain,
if (level == 1) if (level == 1)
return freelist; return freelist;
for (pte = page_address(pg); !first_pte_in_page(pte); pte++) { pte = page_address(pg);
do {
if (dma_pte_present(pte) && !dma_pte_superpage(pte)) if (dma_pte_present(pte) && !dma_pte_superpage(pte))
freelist = dma_pte_list_pagetables(domain, level - 1, freelist = dma_pte_list_pagetables(domain, level - 1,
pte, freelist); pte, freelist);
} pte++;
} while (!first_pte_in_page(pte));
return freelist; return freelist;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册