Commit 2f393c22 authored by Claudio Imbrenda, committed by Heiko Carstens

KVM: s390: Fix gmap_helper_zap_one_page() again



A few checks were missing in gmap_helper_zap_one_page(), which can lead
to memory corruption in the guest under specific circumstances.

Add the missing checks.

Fixes: 5deafa27 ("KVM: s390: Fix to clear PTE when discarding a swapped page")
Cc: stable@vger.kernel.org
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
parent f770950a
+7 −2
@@ -47,6 +47,7 @@ static void ptep_zap_softleaf_entry(struct mm_struct *mm, softleaf_t entry)
void gmap_helper_zap_one_page(struct mm_struct *mm, unsigned long vmaddr)
{
	struct vm_area_struct *vma;
	unsigned long pgstev;
	spinlock_t *ptl;
	pgste_t pgste;
	pte_t *ptep;
@@ -65,9 +66,13 @@ void gmap_helper_zap_one_page(struct mm_struct *mm, unsigned long vmaddr)
	if (pte_swap(*ptep)) {
		preempt_disable();
		pgste = pgste_get_lock(ptep);
		pgstev = pgste_val(pgste);

		if ((pgstev & _PGSTE_GPS_USAGE_MASK) == _PGSTE_GPS_USAGE_UNUSED ||
		    (pgstev & _PGSTE_GPS_ZERO)) {
			ptep_zap_softleaf_entry(mm, softleaf_from_pte(*ptep));
			pte_clear(mm, vmaddr, ptep);
		}

		pgste_set_unlock(ptep, pgste);
		preempt_enable();
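
Review bot: The `if` guarding the zap in the `pte_swap(*ptep)` branch has no comment explaining why `_PGSTE_GPS_USAGE_UNUSED` or `_PGSTE_GPS_ZERO` are the states in which the swap entry may be dropped, and the commit message says only that "a few checks were missing". The message ties the missing checks to guest memory corruption, the fix is tagged for stable, and the subject says "again", so a short comment above the condition stating the rule it enforces (going by the flag names, that the guest page is marked unused or is logically zero; please confirm) would help backporters and make it harder for a later cleanup to drop the test. Naming the circumstances that triggered the corruption in the commit message would serve the same purpose.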