[PATCH RFC 2/9] s390/gmap: don't unconditionally call pte_unmap_unlock() in... | kvm

[PATCH RFC 0/9] s390: fixes, cleanups and optimizations for page table walkers · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 1/9] s390/gmap: validate VMA in __gmap_zap() · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 2/9] s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 3/9] s390/mm: validate VMA in PGSTE manipulation functions · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 4/9] s390/mm: fix VMA and page table handling code in storage key handling functions · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 5/9] s390/uv: fully validate the VMA before calling follow_page() · David Hildenbrand <hidden> · 2021-09-09
Re: [PATCH RFC 5/9] s390/uv: fully validate the VMA before calling follow_page() · Liam Howlett <hidden> · 2021-09-10
[PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · David Hildenbrand <hidden> · 2021-09-09
Re: [PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · Niklas Schnelle <schnelle@linux.ibm.com> · 2021-09-10
Re: [PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · David Hildenbrand <hidden> · 2021-09-10
Re: [PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · Niklas Schnelle <schnelle@linux.ibm.com> · 2021-09-10
Re: [PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · Liam Howlett <hidden> · 2021-09-10
Re: [PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · Niklas Schnelle <schnelle@linux.ibm.com> · 2021-09-10
Re: [PATCH RFC 6/9] s390/pci_mmio: fully validate the VMA before calling follow_pte() · Liam Howlett <hidden> · 2021-09-10
[PATCH RFC 7/9] s390/mm: no need for pte_alloc_map_lock() if we know the pmd is present · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 8/9] s390/mm: optimize set_guest_storage_key() · David Hildenbrand <hidden> · 2021-09-09
[PATCH RFC 9/9] s390/mm: optimize reset_guest_reference_bit() · David Hildenbrand <hidden> · 2021-09-09

STALE1749d

Revisions (2)

2021-09-09 rfc current
2021-09-09 resend [diff vs current]

[PATCH RFC 2/9] s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()

From: David Hildenbrand <hidden>
Date: 2021-09-09 15:00:06
Also in: linux-mm, linux-s390, lkml
Subsystem: s390 architecture, the rest · Maintainers: Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Linus Torvalds

... otherwise we will try unlocking a spinlock that was never locked via a
garbage pointer.

At the time we reach this code path, we usually successfully looked up
a PGSTE already; however, evil user space could have manipulated the VMA
layout in the meantime and triggered removal of the page table.

Fixes: 1e133ab296f3 ("s390/mm: split arch/s390/mm/pgtable.c")
Signed-off-by: David Hildenbrand <redacted>
---
 arch/s390/mm/gmap.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c
index b6b56cd4ca64..9023bf3ced89 100644
--- a/arch/s390/mm/gmap.c
+++ b/arch/s390/mm/gmap.c

@@ -690,9 +690,10 @@ void __gmap_zap(struct gmap *gmap, unsigned long gaddr)
 
 		/* Get pointer to the page table entry */
 		ptep = get_locked_pte(gmap->mm, vmaddr, &ptl);
-		if (likely(ptep))
+		if (likely(ptep)) {
 			ptep_zap_unused(gmap->mm, vmaddr, ptep, 0);
-		pte_unmap_unlock(ptep, ptl);
+			pte_unmap_unlock(ptep, ptl);
+		}
 	}
 }
 EXPORT_SYMBOL_GPL(__gmap_zap);

-- 
2.31.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help