Commit 1e39eb1b authored Jul 02, 2018 by Nadav Amit Committed by Greg Kroah-Hartman Jul 17, 2018

vmw_balloon: fix inflation with batching



commit 90d72ce079791399ac255c75728f3c9e747b093d upstream.

Embarrassingly, the recent fix introduced worse problem than it solved,
causing the balloon not to inflate. The VM informed the hypervisor that
the pages for lock/unlock are sitting in the wrong address, as it used
the page that is used the uninitialized page variable.

Fixes: b23220fe054e9 ("vmw_balloon: fixing double free when batching mode is off")
Cc: stable@vger.kernel.org
Reviewed-by: Xavier Deguillard <xdeguillard@vmware.com>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 33b9257a

drivers/misc/vmw_balloon.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(struct vmballoon *b,
		unsigned int num_pages, bool is_2m_pages, unsigned int *target)
		{
		unsigned long status;
		unsigned long pfn = page_to_pfn(b->page);
		unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page));

		STATS_INC(b->stats.lock[is_2m_pages]);

		@@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unlock(struct vmballoon *b,
		unsigned int num_pages, bool is_2m_pages, unsigned int *target)
		{
		unsigned long status;
		unsigned long pfn = page_to_pfn(b->page);
		unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page));

		STATS_INC(b->stats.unlock[is_2m_pages]);