On 27/08/14 05:06, Ben Hutchings wrote: > On Mon, 2014-08-25 at 15:10 +0200, Christian Borntraeger wrote: >> The PFMF instruction handler blindly wrote the storage key even if >> the page was mapped R/O in the host. Let's try a COW before continuing >> and bail out in case of errors. >> >> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx> >> Reviewed-by: Dominik Dingel <dingel@xxxxxxxxxxxxxxxxxx> >> Cc: stable@xxxxxxxxxxxxxxx >> --- >> arch/s390/mm/pgtable.c | 10 ++++++++++ >> 1 file changed, 10 insertions(+) >> >> diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c >> index 19daa53..5404a62 100644 >> --- a/arch/s390/mm/pgtable.c >> +++ b/arch/s390/mm/pgtable.c >> @@ -986,11 +986,21 @@ int set_guest_storage_key(struct mm_struct *mm, unsigned long addr, >> pte_t *ptep; >> >> down_read(&mm->mmap_sem); >> +retry: >> ptep = get_locked_pte(current->mm, addr, &ptl); >> if (unlikely(!ptep)) { >> up_read(&mm->mmap_sem); >> return -EFAULT; >> } >> + if (!(pte_val(*ptep) & _PAGE_INVALID) && >> + (pte_val(*ptep) & _PAGE_PROTECT)) { >> + pte_unmap_unlock(*ptep, ptl); >> + if (fixup_user_fault(current, mm, addr, FAULT_FLAG_WRITE)) { >> + up_read(&mm->mmap_sem); >> + return -EFAULT; >> + } >> + goto retry; >> + } > > Every line below the first 'if' is indented one tab stop too far. > > Ben. > >> new = old = pgste_get_lock(ptep); >> pgste_val(new) &= ~(PGSTE_GR_BIT | PGSTE_GC_BIT | > Hmm, indeed. Drat. Paolo, do you want a revert, resend? Christian
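Review bot: in the added write-protect branch, `pte_unmap_unlock(*ptep, ptl);` passes the dereferenced PTE value instead of the pointer. `ptep` is declared `pte_t *ptep;` and holds what `get_locked_pte()` returned, so the call should read `pte_unmap_unlock(ptep, ptl);` to release the mapping that was actually taken. The retry path also mixes address spaces: the PTE is looked up through `current->mm` while `mmap_sem` and `fixup_user_fault()` use the `mm` argument. Using `mm` consistently would make it evident that the lock, the lookup and the COW fixup all act on the same mm. A short comment above `retry:` stating that the loop repeats only after a successful `fixup_user_fault()` would help readers confirm it cannot spin on a persistent error.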