From: David Hildenbrand
To: linux-kernel@vger.kernel.org
Cc: linux-s390@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, David Hildenbrand, Christian Borntraeger, Janosch Frank, Cornelia Huck, Claudio Imbrenda, Heiko Carstens, Vasily Gorbik, Niklas Schnelle, Gerald Schaefer, Ulrich Weigand
Subject: [PATCH resend RFC 2/9] s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
Date: Thu, 9 Sep 2021 18:22:41 +0200
Message-Id: <20210909162248.14969-3-david@redhat.com>
In-Reply-To: <20210909162248.14969-1-david@redhat.com>
References: <20210909162248.14969-1-david@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

... otherwise we will try unlocking a spinlock that was never locked via a garbage pointer.

At the time we reach this code path, we usually successfully looked up a PGSTE already; however, evil user space could have manipulated the VMA layout in the meantime and triggered removal of the page table.

Fixes: 1e133ab296f3 ("s390/mm: split arch/s390/mm/pgtable.c")
Signed-off-by: David Hildenbrand
--- arch/s390/mm/gmap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index b6b56cd4ca64..9023bf3ced89 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c @@ -690,9 +690,10 @@ void __gmap_zap(struct gmap *gmap, unsigned long gaddr) /* Get pointer to the page table entry */ ptep = get_locked_pte(gmap->mm, vmaddr, &ptl); - if (likely(ptep)) + if (likely(ptep)) { ptep_zap_unused(gmap->mm, vmaddr, ptep, 0); - pte_unmap_unlock(ptep, ptl); + pte_unmap_unlock(ptep, ptl); + } } } EXPORT_SYMBOL_GPL(__gmap_zap); -- 2.31.1
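Review bot: The reason ptep can be NULL at the `if (likely(ptep)) {` check in __gmap_zap() is documented only in the commit message, so a short code comment at that check would help: something noting that the page table may have been removed by a concurrent VMA change from user space, and that ptl is not valid when get_locked_pte() returns NULL. Without it, the `likely()` hint and the braces around a two-statement body invite a later cleanup that hoists the unlock back out. The change itself matches the description: pte_unmap_unlock(ptep, ptl) now runs only on the path where the lock was actually taken. Given the Fixes: tag and the statement that user space can trigger the NULL case, it is also worth deciding explicitly whether this should be marked for stable.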