renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-16 01:04:08 +08:00
Code
fe3d100240
linux-next/arch/s390/mm
History
David Hildenbrand fe3d100240 s390/mm: validate VMA in PGSTE manipulation functions 
We should not walk/touch page tables outside of VMA boundaries when
holding only the mmap sem in read mode. Evil user space can modify the
VMA layout just before this function runs and e.g., trigger races with
page table removal code since commit dd2283f260 ("mm: mmap: zap pages
with read mmap_sem in munmap"). gfn_to_hva() will only translate using
KVM memory regions, but won't validate the VMA.

Further, we should not allocate page tables outside of VMA boundaries: if
evil user space decides to map hugetlbfs to these ranges, bad things will
happen because we suddenly have PTE or PMD page tables where we
shouldn't have them.

Similarly, we have to check if we suddenly find a hugetlbfs VMA, before
calling get_locked_pte().

Fixes: 2d42f94773 ("s390/kvm: Add PGSTE manipulation functions")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Link: https://lore.kernel.org/r/20210909162248.14969-4-david@redhat.com
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2021-10-25 09:20:38 +02:00
..
cmm.c mm: remove unneeded includes of <asm/pgalloc.h> 2020-08-07 11:33:26 -07:00
dump_pagetables.c s390: add kfence region to pagetable dumper 2021-07-30 17:09:02 +02:00
extmem.c s390/extmem: remove stale -ENOSPC comment and handling 2020-07-03 10:49:16 +02:00
fault.c Revert "mm/gup: remove try_get_page(), call try_get_compound_head() directly" 2021-09-07 11:03:45 -07:00
gmap.c s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() 2021-10-25 09:20:38 +02:00
hugetlbpage.c hugetlb: pass vma into huge_pte_alloc() and huge_pmd_share() 2021-05-05 11:27:20 -07:00
init.c Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
kasan_init.c s390/kasan: fix large PMD pages address alignment check 2021-08-25 11:03:33 +02:00
maccess.c s390: replace deprecated CPU-hotplug functions 2021-08-05 14:10:53 +02:00
Makefile s390: add ARCH_HAS_DEBUG_WX support 2020-09-14 11:38:35 +02:00
mmap.c mm: remove unneeded includes of <asm/pgalloc.h> 2020-08-07 11:33:26 -07:00
page-states.c s390/mm: remove unused cmma functions 2021-08-18 10:01:28 +02:00
pageattr.c s390/mm,pageattr: fix walk_pte_level() early exit 2021-08-25 11:03:34 +02:00
pgalloc.c s390/mm: fix phys vs virt confusion in pgtable allocation routines 2021-02-24 00:31:22 +01:00
pgtable.c s390/mm: validate VMA in PGSTE manipulation functions 2021-10-25 09:20:38 +02:00
vmem.c s390: rename dma section to amode31 2021-08-05 14:10:53 +02:00