[S390] memory leak with RCU_TABLE_FREE

The rcu page table free code uses a couple of bits in the page table
pointer passed to tlb_remove_table to discern the different page table
types. __tlb_remove_table extracts the type with an incorrect mask which
leads to memory leaks. The correct mask is ((FRAG_MASK << 4) | FRAG_MASK).

Cc: stable@kernel.org
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
index 5d56c2b..529a088 100644 (file)
--- a/arch/s390/mm/pgtable.c
+++ b/arch/s390/mm/pgtable.c
@@ -662,8 +662,9 @@ void page_table_free_rcu(struct mmu_gather *tlb, unsigned long *table)
 
 void __tlb_remove_table(void *_table)
 {
-       void *table = (void *)((unsigned long) _table & PAGE_MASK);
-       unsigned type = (unsigned long) _table & ~PAGE_MASK;
+       const unsigned long mask = (FRAG_MASK << 4) | FRAG_MASK;
+       void *table = (void *)((unsigned long) _table & ~mask);
+       unsigned type = (unsigned long) _table & mask;
 
        if (type)
                __page_table_free_rcu(table, type);