mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 18:41:06 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch
History
David Hildenbrand eadbd5d1ec s390/uv: fully validate the VMA before calling follow_page() 
[ Upstream commit 46c22ffd27 ]

We should not walk/touch page tables outside of VMA boundaries when
holding only the mmap sem in read mode. Evil user space can modify the
VMA layout just before this function runs and e.g., trigger races with
page table removal code since commit dd2283f260 ("mm: mmap: zap pages
with read mmap_sem in munmap").

find_vma() does not check if the address is >= the VMA start address;
use vma_lookup() instead.

Fixes: 214d9bbcd3 ("s390/mm: provide memory management functions for protected KVM guests")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Link: https://lore.kernel.org/r/20210909162248.14969-6-david@redhat.com
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 19:16:40 +01:00
..
alpha alpha: enable GENERIC_PCI_IOMAP unconditionally 2021-09-19 10:37:00 -07:00
arc ARC: fix potential build snafu 2021-10-15 18:06:32 -07:00
arm ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 2021-11-18 19:16:19 +01:00
arm64 arm64: mm: update max_pfn after memory hotplug 2021-11-18 19:16:27 +01:00
csky csky: Make HAVE_TCM depend on !COMPILE_TEST 2021-10-16 07:20:12 +08:00
h8300 Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
hexagon Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
ia64 ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK 2021-11-18 19:16:13 +01:00
m68k m68k: Remove set_fs() 2021-09-24 13:35:07 +02:00
microblaze Microblaze patches for 5.15-rc1 2021-09-08 16:02:13 -07:00
mips MIPS: lantiq: dma: fix burst length for DEU 2021-11-18 19:16:23 +01:00
nds32 ftrace/nds32: Update the proto for ftrace_trace_function to match ftrace_stub 2021-10-27 13:00:17 -04:00
nios2 nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST 2021-10-27 09:29:07 -05:00
openrisc Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
parisc parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling 2021-11-18 19:16:21 +01:00
powerpc powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found 2021-11-18 19:16:03 +01:00
riscv RISC-V Fixes for 5.15 (or -rc8) 2021-10-30 09:28:24 -07:00
s390 s390/uv: fully validate the VMA before calling follow_page() 2021-11-18 19:16:40 +01:00
sh sh: pgtable-3level: fix cast to pointer from integer of different size 2021-09-24 16:13:35 -07:00
sparc sparc64: fix pci_iounmap() when CONFIG_PCI is not set 2021-09-20 10:56:32 -07:00
um This pull request contains the following changes for UML: 2021-09-09 13:45:26 -07:00
x86 x86/sev: Fix stack type check in vc_switch_off_ist() 2021-11-18 19:16:39 +01:00
xtensa xtensa: xtfpga: Try software restart before simulating CPU reset 2021-10-05 12:19:05 -07:00
.gitignore
Kconfig Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00