KVM: arm64: Fix double-free following kvm_pgtable_stage2_free_unlinked()

kvm_pgtable_stage2_free_unlinked() does the final put_page() on the root page of the sub-tree before returning, so remove the additional put_page() invocations in the callers. Cc: Ricardo Koller <ricarkol@google.com> Fixes: f6a27d6dc51b2 ("KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()") Signed-off-by: Will Deacon <will@kernel.org> Reviewed-by: Oliver Upton <oliver.upton@linux.dev> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20240212193052.27765-1-will@kernel.org
author: Will Deacon <will@kernel.org> 2024-02-12 22:30:52 +0300
committer: Marc Zyngier <maz@kernel.org> 2024-02-13 22:22:03 +0300
commit: c60d847be7b8e69e419e02a2b3d19c2842a3c35d (patch)
tree: 2137ed79f05899ae4e265392d86e1ca661019edc /arch
parent: 42dfa94d802a48c871e2017cbf86153270c86632 (diff)
download: linux-c60d847be7b8e69e419e02a2b3d19c2842a3c35d.tar.xz
1 files changed, 0 insertions, 2 deletions
diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
index c651df904fe3..ab9d05fcf98b 100644
--- a/arch/arm64/kvm/hyp/pgtable.c
+++ b/arch/arm64/kvm/hyp/pgtable.c
@@ -1419,7 +1419,6 @@ kvm_pte_t *kvm_pgtable_stage2_create_unlinked(struct kvm_pgtable *pgt,
 				 level + 1);
 	if (ret) {
 		kvm_pgtable_stage2_free_unlinked(mm_ops, pgtable, level);
-		mm_ops->put_page(pgtable);
 		return ERR_PTR(ret);
 	}
 
@@ -1502,7 +1501,6 @@ static int stage2_split_walker(const struct kvm_pgtable_visit_ctx *ctx,
 
 	if (!stage2_try_break_pte(ctx, mmu)) {
 		kvm_pgtable_stage2_free_unlinked(mm_ops, childp, level);
-		mm_ops->put_page(childp);
 		return -EAGAIN;
 	}
author	Will Deacon <will@kernel.org>	2024-02-12 22:30:52 +0300
committer	Marc Zyngier <maz@kernel.org>	2024-02-13 22:22:03 +0300
commit	c60d847be7b8e69e419e02a2b3d19c2842a3c35d (patch)
tree	2137ed79f05899ae4e265392d86e1ca661019edc /arch
parent	42dfa94d802a48c871e2017cbf86153270c86632 (diff)
download	linux-c60d847be7b8e69e419e02a2b3d19c2842a3c35d.tar.xz