On 16.08.2018 10:24, Janosch Frank wrote: > Userspace could have munmapped the area before doing unmapping from > the gmap. This would leave us with a valid vmaddr, but an invalid vma > from which we would try to zap memory. > > Let's check before using the vma. > > Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> > Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > arch/s390/mm/gmap.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c > index bb44990c8212..911c7ded35f1 100644 > --- a/arch/s390/mm/gmap.c > +++ b/arch/s390/mm/gmap.c > @@ -708,11 +708,13 @@ void gmap_discard(struct gmap *gmap, unsigned long from, unsigned long to) > vmaddr |= gaddr & ~PMD_MASK; > /* Find vma in the parent mm */ > vma = find_vma(gmap->mm, vmaddr); > + if (!vma) > + continue; > /* > * We do not discard pages that are backed by > * hugetlbfs, so we don't have to refault them. > */ > - if (vma && is_vm_hugetlb_page(vma)) > + if (is_vm_hugetlb_page(vma)) > continue; > size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK)); > zap_page_range(vma, vmaddr, size); > Reviewed-by: David Hildenbrand <david@xxxxxxxxxx> -- Thanks, David / dhildenb