Patch "s390/mm: do not trigger write fault when vma does not allow VM_WRITE" has been added to the 4.9-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 01 Sep 2022 12:40:48 +0200

This is a note to let you know that I've just added the patch titled

    s390/mm: do not trigger write fault when vma does not allow VM_WRITE

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 41ac42f137080bc230b5882e3c88c392ab7f2d32 Mon Sep 17 00:00:00 2001
From: Gerald Schaefer <gerald.schaefer@xxxxxxxxxxxxx>
Date: Wed, 17 Aug 2022 15:26:03 +0200
Subject: s390/mm: do not trigger write fault when vma does not allow VM_WRITE

From: Gerald Schaefer <gerald.schaefer@xxxxxxxxxxxxx>

commit 41ac42f137080bc230b5882e3c88c392ab7f2d32 upstream.

For non-protection pXd_none() page faults in do_dat_exception(), we
call do_exception() with access == (VM_READ | VM_WRITE | VM_EXEC).
In do_exception(), vma->vm_flags is checked against that before
calling handle_mm_fault().

Since commit 92f842eac7ee3 ("[S390] store indication fault optimization"),
we call handle_mm_fault() with FAULT_FLAG_WRITE, when recognizing that
it was a write access. However, the vma flags check is still only
checking against (VM_READ | VM_WRITE | VM_EXEC), and therefore also
calling handle_mm_fault() with FAULT_FLAG_WRITE in cases where the vma
does not allow VM_WRITE.

Fix this by changing access check in do_exception() to VM_WRITE only,
when recognizing write access.

Link: https://lkml.kernel.org/r/20220811103435.188481-3-david@xxxxxxxxxx
Fixes: 92f842eac7ee3 ("[S390] store indication fault optimization")
Cc: <stable@xxxxxxxxxxxxxxx>
Reported-by: David Hildenbrand <david@xxxxxxxxxx>
Reviewed-by: Heiko Carstens <hca@xxxxxxxxxxxxx>
Signed-off-by: Gerald Schaefer <gerald.schaefer@xxxxxxxxxxxxx>
Signed-off-by: Vasily Gorbik <gor@xxxxxxxxxxxxx>
Signed-off-by: Gerald Schaefer <gerald.schaefer@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/s390/mm/fault.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/arch/s390/mm/fault.c
+++ b/arch/s390/mm/fault.c
@@ -409,7 +409,9 @@ static inline int do_exception(struct pt
 	flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE;
 	if (user_mode(regs))
 		flags |= FAULT_FLAG_USER;
-	if (access == VM_WRITE || (trans_exc_code & store_indication) == 0x400)
+	if ((trans_exc_code & store_indication) == 0x400)
+		access = VM_WRITE;
+	if (access == VM_WRITE)
 		flags |= FAULT_FLAG_WRITE;
 	down_read(&mm->mmap_sem);
 


Patches currently in stable-queue which might be from gerald.schaefer@xxxxxxxxxxxxx are

queue-4.9/s390-mm-do-not-trigger-write-fault-when-vma-does-not-allow-vm_write.patch






