[PATCH v2] mm/kasan: Fix double free for kasan pXds

Andrey Ryabinin ryabinin.a.a at gmail.com
Fri Mar 6 05:31:03 AEDT 2026


"Ritesh Harjani (IBM)" <ritesh.list at gmail.com> writes:

> kasan_free_pxd() assumes the page table is always struct page aligned.
> But that's not always the case for all architectures. E.g. In case of
> powerpc with 64K pagesize, PUD table (of size 4096) comes from slab
> cache named pgtable-2^9. Hence instead of page_to_virt(pxd_page()) let's
> just directly pass the start of the pxd table which is passed as the 1st
> argument.
>
> This fixes the below double free kasan issue seen with PMEM:
>
> radix-mmu: Mapped 0x0000047d10000000-0x0000047f90000000 with 2.00 MiB pages
> ==================================================================
> BUG: KASAN: double-free in kasan_remove_zero_shadow+0x9c4/0xa20
...
>
> Fixes: 0207df4fa1a8 ("kernel/memremap, kasan: make ZONE_DEVICE with work with KASAN")
> Cc: stable at vger.kernel.org
> Reported-by: Venkat Rao Bagalkote <venkat88 at linux.ibm.com>
> Signed-off-by: Ritesh Harjani (IBM) <ritesh.list at gmail.com>
>

Reviewed-by: Andrey Ryabinin <ryabinin.a.a at gmail.com>
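
A userspace model of the address arithmetic the quoted commit message describes, added here as an illustration; it is not code from the patch or from the kernel. `page_base_of()` stands in for `page_to_virt(pxd_page())`, the slab and KASAN behaviour is reduced to a per-slot "freed" flag, and the base address, the helper names and the scenario of several 4096-byte tables sharing one 64K page are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE_64K  0x10000UL  /* powerpc 64K page size (from the commit message) */
#define PUD_TABLE_SIZE 4096UL     /* PUD table size (from the commit message) */
#define SLOTS (PAGE_SIZE_64K / PUD_TABLE_SIZE)  /* 16 slab objects per page */

/* Hypothetical model: one 64K page carved into 4096-byte slab objects. */
struct slab_page { uintptr_t base; unsigned char freed[SLOTS]; };

/* Stand-in for page_to_virt(pxd_page(entry)): start of the containing page. */
static uintptr_t page_base_of(uintptr_t table)
{
    return table & ~(PAGE_SIZE_64K - 1);
}

/* Returns 0 on a first free, -1 when the same object is freed again. */
static int model_free(struct slab_page *sp, uintptr_t addr)
{
    size_t slot = (addr - sp->base) / PUD_TABLE_SIZE;
    if (sp->freed[slot])
        return -1;              /* what KASAN reports as double-free */
    sp->freed[slot] = 1;
    return 0;
}

/* Free ntables adjacent tables; use_table_start selects old vs fixed pointer. */
static int count_double_frees(int use_table_start, size_t ntables)
{
    struct slab_page sp = { .base = 0x10000000UL };  /* constructed, 64K aligned */
    int double_frees = 0;

    for (size_t i = 0; i < ntables && i < SLOTS; i++) {
        uintptr_t table = sp.base + i * PUD_TABLE_SIZE;
        uintptr_t ptr = use_table_start ? table : page_base_of(table);
        if (model_free(&sp, ptr) < 0)
            double_frees++;
    }
    return double_frees;
}

int main(void)
{
    printf("page-derived pointer: %d double frees\n", count_double_frees(0, 3));
    printf("table start pointer:  %d double frees\n", count_double_frees(1, 3));
    return 0;
}
```

In the page-derived case every table in the page resolves to the first slab object, so the second free of that address is flagged and the other tables are never released; on a configuration where one table fills a whole page the two pointers coincide and the problem does not show.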

