Merge tag 'vfio-v6.0-rc5' of https://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:

 - Fix zero page refcount leak (Alex Williamson)

* tag 'vfio-v6.0-rc5' of https://github.com/awilliam/linux-vfio:
  vfio/type1: Unpin zero pages

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index db516c9..8706482 100644 (file)
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -558,6 +558,18 @@ static int vaddr_get_pfns(struct mm_struct *mm, unsigned long vaddr,
        ret = pin_user_pages_remote(mm, vaddr, npages, flags | FOLL_LONGTERM,
                                    pages, NULL, NULL);
        if (ret > 0) {
+               int i;
+
+               /*
+                * The zero page is always resident, we don't need to pin it
+                * and it falls into our invalid/reserved test so we don't
+                * unpin in put_pfn().  Unpin all zero pages in the batch here.
+                */
+               for (i = 0 ; i < ret; i++) {
+                       if (unlikely(is_zero_pfn(page_to_pfn(pages[i]))))
+                               unpin_user_page(pages[i]);
+               }
+
                *pfn = page_to_pfn(pages[0]);
                goto done;
        }