kho: fix unpreservation of higher-order vmalloc preservations

prati0100 · akpm00 · commit 7ecd2e439d12 · 2025-11-09T21:19:47.000-08:00
kho_vmalloc_unpreserve_chunk() calls __kho_unpreserve() with end_pfn as pfn + 1. This happens to work for 0-order pages, but leaks higher order pages. For example, say order 2 pages back the allocation. During preservation, they get preserved in the order 2 bitmaps, but kho_vmalloc_unpreserve_chunk() would try to unpreserve them from the order 0 bitmaps, which should not have these bits set anyway, leaving the order 2 bitmaps untouched. This results in the pages being carried over to the next kernel. Nothing will free those pages in the next boot, leaking them. Fix this by taking the order into account when calculating the end PFN for __kho_unpreserve(). Link: https://lkml.kernel.org/r/20251103180235.71409-2-pratyush@kernel.org Fixes: a667300 ("kho: add support for preserving vmalloc allocations") Signed-off-by: Pratyush Yadav <pratyush@kernel.org> Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org> Cc: Alexander Graf <graf@amazon.com> Cc: Baoquan He <bhe@redhat.com> Cc: Pasha Tatashin <pasha.tatashin@soleen.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
diff --git a/kernel/kexec_handover.c b/kernel/kexec_handover.c
@@ -882,7 +882,8 @@ static struct kho_vmalloc_chunk *new_vmalloc_chunk(struct kho_vmalloc_chunk *cur
 	return NULL;
 }
 
-static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk)
+static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk,
+					 unsigned short order)
 {
 	struct kho_mem_track *track = &kho_out.ser.track;
 	unsigned long pfn = PHYS_PFN(virt_to_phys(chunk));
@@ -891,7 +892,7 @@ static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk)
 
 	for (int i = 0; i < ARRAY_SIZE(chunk->phys) && chunk->phys[i]; i++) {
 		pfn = PHYS_PFN(chunk->phys[i]);
-		__kho_unpreserve(track, pfn, pfn + 1);
+		__kho_unpreserve(track, pfn, pfn + (1 << order));
 	}
 }
 
@@ -902,7 +903,7 @@ static void kho_vmalloc_free_chunks(struct kho_vmalloc *kho_vmalloc)
 	while (chunk) {
 		struct kho_vmalloc_chunk *tmp = chunk;
 
-		kho_vmalloc_unpreserve_chunk(chunk);
+		kho_vmalloc_unpreserve_chunk(chunk, kho_vmalloc->order);
 
 		chunk = KHOSER_LOAD_PTR(chunk->hdr.next);
 		free_page((unsigned long)tmp);

Original file line number	Diff line number	Diff line change
`@@ -882,7 +882,8 @@ static struct kho_vmalloc_chunk new_vmalloc_chunk(struct kho_vmalloc_chunk cur`
`882`	`882`	`return NULL;`
`883`	`883`	`}`
`884`	`884`
`885`		`-static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk)`
	`885`	`+static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk,`
	`886`	`+ unsigned short order)`
`886`	`887`	`{`
`887`	`888`	`struct kho_mem_track *track = &kho_out.ser.track;`
`888`	`889`	`unsigned long pfn = PHYS_PFN(virt_to_phys(chunk));`
`@@ -891,7 +892,7 @@ static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk)`
`891`	`892`
`892`	`893`	`for (int i = 0; i < ARRAY_SIZE(chunk->phys) && chunk->phys[i]; i++) {`
`893`	`894`	`pfn = PHYS_PFN(chunk->phys[i]);`
`894`		`- __kho_unpreserve(track, pfn, pfn + 1);`
	`895`	`+ __kho_unpreserve(track, pfn, pfn + (1 << order));`
`895`	`896`	`}`
`896`	`897`	`}`
`897`	`898`
`@@ -902,7 +903,7 @@ static void kho_vmalloc_free_chunks(struct kho_vmalloc *kho_vmalloc)`
`902`	`903`	`while (chunk) {`
`903`	`904`	`struct kho_vmalloc_chunk *tmp = chunk;`
`904`	`905`
`905`		`- kho_vmalloc_unpreserve_chunk(chunk);`
	`906`	`+ kho_vmalloc_unpreserve_chunk(chunk, kho_vmalloc->order);`
`906`	`907`
`907`	`908`	`chunk = KHOSER_LOAD_PTR(chunk->hdr.next);`
`908`	`909`	`free_page((unsigned long)tmp);`