On 16.08.2018 10:26, David Hildenbrand wrote: > On 16.08.2018 10:24, Janosch Frank wrote: >> Userspace could have munmapped the area before doing unmapping from >> the gmap. This would leave us with a valid vmaddr, but an invalid vma >> from which we would try to zap memory. >> >> Let's check before using the vma. >> >> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> >> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> >> --- >> arch/s390/mm/gmap.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c >> index bb44990c8212..911c7ded35f1 100644 >> --- a/arch/s390/mm/gmap.c >> +++ b/arch/s390/mm/gmap.c >> @@ -708,11 +708,13 @@ void gmap_discard(struct gmap *gmap, unsigned long from, unsigned long to) >> vmaddr |= gaddr & ~PMD_MASK; >> /* Find vma in the parent mm */ >> vma = find_vma(gmap->mm, vmaddr); >> + if (!vma) >> + continue; >> /* >> * We do not discard pages that are backed by >> * hugetlbfs, so we don't have to refault them. >> */ >> - if (vma && is_vm_hugetlb_page(vma)) >> + if (is_vm_hugetlb_page(vma)) >> continue; >> size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK)); >> zap_page_range(vma, vmaddr, size); >> > > Reviewed-by: David Hildenbrand <david@xxxxxxxxxx> That was fast. Thanks
Attachment:
signature.asc
Description: OpenPGP digital signature