| From 1843abd03250115af6cec0892683e70cf2297c25 Mon Sep 17 00:00:00 2001 |
| From: Janosch Frank <frankja@linux.ibm.com> |
| Date: Thu, 16 Aug 2018 09:02:31 +0100 |
| Subject: s390/mm: Check for valid vma before zapping in gmap_discard |
| |
| From: Janosch Frank <frankja@linux.ibm.com> |
| |
| commit 1843abd03250115af6cec0892683e70cf2297c25 upstream. |
| |
| Userspace could have munmapped the area before doing unmapping from |
| the gmap. This would leave us with a valid vmaddr, but an invalid vma |
| from which we would try to zap memory. |
| |
| Let's check before using the vma. |
| |
| Fixes: 1e133ab296f3 ("s390/mm: split arch/s390/mm/pgtable.c") |
| Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
| Reviewed-by: David Hildenbrand <david@redhat.com> |
| Reported-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Message-Id: <20180816082432.78828-1-frankja@linux.ibm.com> |
| Signed-off-by: Janosch Frank <frankja@linux.ibm.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/s390/mm/pgtable.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/arch/s390/mm/pgtable.c |
| +++ b/arch/s390/mm/pgtable.c |
| @@ -637,6 +637,8 @@ void gmap_discard(struct gmap *gmap, uns |
| vmaddr |= gaddr & ~PMD_MASK; |
| /* Find vma in the parent mm */ |
| vma = find_vma(gmap->mm, vmaddr); |
| + if (!vma) |
| + continue; |
| size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK)); |
| zap_page_range(vma, vmaddr, size, NULL); |
| } |
