diff options
| author | Ryosuke Yasuoka <ryasuoka@redhat.com> | 2025-12-06 23:09:36 +0900 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2026-01-01 10:01:32 +0100 |
| commit | 95cc9e7cf03d3646abce4129d5c013af33a7df99 (patch) | |
| tree | 4f2b1c3f08f6e935e7615ae0815448d44225398a /tools/perf/scripts/python/flamegraph.py | |
| parent | Merge tag 'nfsd-6.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/... (diff) | |
| download | linux-95cc9e7cf03d3646abce4129d5c013af33a7df99.tar.gz linux-95cc9e7cf03d3646abce4129d5c013af33a7df99.zip | |
x86/kvm: Avoid freeing stack-allocated node in kvm_async_pf_queue_task
kvm_async_pf_queue_task() can incorrectly try to kfree() a node
allocated on the stack of kvm_async_pf_task_wait_schedule().
This occurs when a task requests a PF while another task's PF request
with the same token is still pending. Since the token is derived from
the (u32)address in exc_page_fault(), two different tasks can generate
the same token.
Currently, kvm_async_pf_queue_task() assumes that any entry found in the
list is a dummy entry and tries to kfree() it. To fix this, add a flag
to the node structure to distinguish stack-allocated nodes, and only
kfree() the node if it is a dummy entry.
Signed-off-by: Ryosuke Yasuoka <ryasuoka@redhat.com>
Message-ID: <20251206140939.144038-1-ryasuoka@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'tools/perf/scripts/python/flamegraph.py')
0 files changed, 0 insertions, 0 deletions