releases/4.4.166/s390-mm-check-for-valid-vma-before-zapping-in-gmap_discard.patch

   1 From 1843abd03250115af6cec0892683e70cf2297c25 Mon Sep 17 00:00:00 2001
   2 From: Janosch Frank <frankja@linux.ibm.com>
   3 Date: Thu, 16 Aug 2018 09:02:31 +0100
   4 Subject: s390/mm: Check for valid vma before zapping in gmap_discard
   5
   6 From: Janosch Frank <frankja@linux.ibm.com>
   7
   8 commit 1843abd03250115af6cec0892683e70cf2297c25 upstream.
   9
  10 Userspace could have munmapped the area before doing unmapping from
  11 the gmap. This would leave us with a valid vmaddr, but an invalid vma
  12 from which we would try to zap memory.
  13
  14 Let's check before using the vma.
  15
  16 Fixes: 1e133ab296f3 ("s390/mm: split arch/s390/mm/pgtable.c")
  17 Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
  18 Reviewed-by: David Hildenbrand <david@redhat.com>
  19 Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
  20 Message-Id: <20180816082432.78828-1-frankja@linux.ibm.com>
  21 Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
  22 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  23
  24 ---
  25  arch/s390/mm/pgtable.c |    2 ++
  26  1 file changed, 2 insertions(+)
  27
  28 --- a/arch/s390/mm/pgtable.c
  29 +++ b/arch/s390/mm/pgtable.c
  30 @@ -637,6 +637,8 @@ void gmap_discard(struct gmap *gmap, uns
  31                 vmaddr |= gaddr & ~PMD_MASK;
  32                 /* Find vma in the parent mm */
  33                 vma = find_vma(gmap->mm, vmaddr);
  34 +               if (!vma)
  35 +                       continue;
  36                 size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK));
  37                 zap_page_range(vma, vmaddr, size, NULL);
  38         }