[PATCH 4.4] s390/mm: Check for valid vma before zapping in gmap_discard

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Janosch Frank <frankja@linux.ibm.com>
To: stable@vger.kernel.org
Cc: borntraeger@de.ibm.com
Subject: [PATCH 4.4] s390/mm: Check for valid vma before zapping in gmap_discard
Date: Thu,  8 Nov 2018 09:37:32 +0100	[thread overview]
Message-ID: <1541666252-18470-1-git-send-email-frankja@linux.ibm.com> (raw)

From: Janosch Frank <frankja@de.ibm.com>

Userspace could have munmapped the area before doing unmapping from
the gmap. This would leave us with a valid vmaddr, but an invalid vma
from which we would try to zap memory. Let's check before using the
vma.

Function was moved with 1e133ab296f3 in v4.6.
Is 1843abd upstream.

Fixes: 388186b ("kvm: Handle diagnose 0x10 (release pages)")
Signed-off-by: Janosch Frank <frankja@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
CC: <stable@vger.kernel.org> # 4.4
---
 arch/s390/mm/pgtable.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
index 05ae254..1866b6a 100644
--- a/arch/s390/mm/pgtable.c
+++ b/arch/s390/mm/pgtable.c
@@ -637,6 +637,8 @@ void gmap_discard(struct gmap *gmap, unsigned long from, unsigned long to)
 		vmaddr |= gaddr & ~PMD_MASK;
 		/* Find vma in the parent mm */
 		vma = find_vma(gmap->mm, vmaddr);
+		if (!vma)
+			continue;
 		size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK));
 		zap_page_range(vma, vmaddr, size, NULL);
 	}
-- 
2.7.4

                 reply	other threads:[~2018-11-08 18:12 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:05ae254 dfblob:1866b6a )
 OR (
bs:"[PATCH 4.4] s390/mm: Check for valid vma before zapping in gmap_discard" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1541666252-18470-1-git-send-email-frankja@linux.ibm.com \
    --to=frankja@linux.ibm.com \
    --cc=borntraeger@de.ibm.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox