From bc5817e2f5dba5ade640ddf09dcb1d4079a0b69c Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 1 Sep 2022 12:15:12 +0200
Subject: [PATCH] 5.10-stable patches added patches: s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch
---
 ...ult-when-vma-does-not-allow-vm_write.patch | 50 +++++++++++++++++++
 queue-5.10/series | 1 +
 2 files changed, 51 insertions(+)
 create mode 100644 queue-5.10/s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch
diff --git a/queue-5.10/s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch b/queue-5.10/s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch
new file mode 100644
index 00000000000..792c8208ba3
--- /dev/null
+++ b/queue-5.10/s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch
@@ -0,0 +1,50 @@
+From 41ac42f137080bc230b5882e3c88c392ab7f2d32 Mon Sep 17 00:00:00 2001
+From: Gerald Schaefer
+Date: Wed, 17 Aug 2022 15:26:03 +0200
+Subject: s390/mm: do not trigger write fault when vma does not allow VM_WRITE
+
+From: Gerald Schaefer
+
+commit 41ac42f137080bc230b5882e3c88c392ab7f2d32 upstream.
+
+For non-protection pXd_none() page faults in do_dat_exception(), we
+call do_exception() with access == (VM_READ | VM_WRITE | VM_EXEC).
+In do_exception(), vma->vm_flags is checked against that before
+calling handle_mm_fault().
+
+Since commit 92f842eac7ee3 ("[S390] store indication fault optimization"),
+we call handle_mm_fault() with FAULT_FLAG_WRITE, when recognizing that
+it was a write access. However, the vma flags check is still only
+checking against (VM_READ | VM_WRITE | VM_EXEC), and therefore also
+calling handle_mm_fault() with FAULT_FLAG_WRITE in cases where the vma
+does not allow VM_WRITE.
+
+Fix this by changing access check in do_exception() to VM_WRITE only,
+when recognizing write access.
+
+Link: https://lkml.kernel.org/r/20220811103435.188481-3-david@redhat.com
+Fixes: 92f842eac7ee3 ("[S390] store indication fault optimization")
+Cc:
+Reported-by: David Hildenbrand
+Reviewed-by: Heiko Carstens
+Signed-off-by: Gerald Schaefer
+Signed-off-by: Vasily Gorbik
+Signed-off-by: Gerald Schaefer
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/s390/mm/fault.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/s390/mm/fault.c
++++ b/arch/s390/mm/fault.c
+@@ -429,7 +429,9 @@ static inline vm_fault_t do_exception(st
+ flags = FAULT_FLAG_DEFAULT;
+ if (user_mode(regs))
+ flags |= FAULT_FLAG_USER;
+- if (access == VM_WRITE || (trans_exc_code & store_indication) == 0x400)
++ if ((trans_exc_code & store_indication) == 0x400)
++ access = VM_WRITE;
++ if (access == VM_WRITE)
+ flags |= FAULT_FLAG_WRITE;
+ mmap_read_lock(mm);
+
diff --git a/queue-5.10/series b/queue-5.10/series
index a167100e763..ca850e1b6cb 100644
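Review bot: The new `access = VM_WRITE;` line in the queued arch/s390/mm/fault.c change carries no comment saying that it exists to narrow the later vma->vm_flags permission check, not only to select FAULT_FLAG_WRITE, so a later cleanup could merge the two `if` statements back into one condition and silently restore the permissive check. A one-line comment above it would pin the intent, for example `/* store indication: the vm_flags check below must require VM_WRITE */`. The vm_flags check and the rest of do_exception() lie outside this hunk, so for the 5.10 backport it is worth confirming that the check still reads `access` after this point and that nothing in between resets it; the commit message describes this only for upstream.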
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -2,3 +2,4 @@ mm-force-tlb-flush-for-pfnmap-mappings-before-unlink_file_vma.patch
 x86-nospec-unwreck-the-rsb-stuffing.patch
 x86-nospec-fix-i386-rsb-stuffing.patch
 crypto-lib-remove-unneeded-selection-of-xor_blocks.patch
+s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch
-- 2.47.2