Merge tag 'kvm-s390-20140825' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD

Here are two fixes for s390 KVM code that prevent: 1. a malicious user to trigger a kernel BUG 2. a malicious user to change the storage key of read-only pages
author: Paolo Bonzini <pbonzini@redhat.com> 2014-08-25 15:37:00 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2014-08-25 15:37:00 +0200
commit: 7cd4b90a737e2e6f41be4ac8b1df847fec67f3da (patch)
tree: 920abb10e0c1279eaf256eaec4d6fbd386ab9ac2 /arch/s390/mm/pgtable.c
parent: 7b46268d29543e313e731606d845e65c17f232e4 (diff)
parent: ab3f285f227fec62868037e9b1b1fd18294a83b8 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
index 19daa53a3da..5404a6261db 100644
--- a/arch/s390/mm/pgtable.c
+++ b/arch/s390/mm/pgtable.c
@@ -986,11 +986,21 @@ int set_guest_storage_key(struct mm_struct *mm, unsigned long addr,
 	pte_t *ptep;
 
 	down_read(&mm->mmap_sem);
+retry:
 	ptep = get_locked_pte(current->mm, addr, &ptl);
 	if (unlikely(!ptep)) {
 		up_read(&mm->mmap_sem);
 		return -EFAULT;
 	}
+	if (!(pte_val(*ptep) & _PAGE_INVALID) &&
+	     (pte_val(*ptep) & _PAGE_PROTECT)) {
+			pte_unmap_unlock(*ptep, ptl);
+			if (fixup_user_fault(current, mm, addr, FAULT_FLAG_WRITE)) {
+				up_read(&mm->mmap_sem);
+				return -EFAULT;
+			}
+			goto retry;
+		}
 
 	new = old = pgste_get_lock(ptep);
 	pgste_val(new) &= ~(PGSTE_GR_BIT | PGSTE_GC_BIT |
author	Paolo Bonzini <pbonzini@redhat.com>	2014-08-25 15:37:00 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2014-08-25 15:37:00 +0200
commit	7cd4b90a737e2e6f41be4ac8b1df847fec67f3da (patch)
tree	920abb10e0c1279eaf256eaec4d6fbd386ab9ac2 /arch/s390/mm/pgtable.c
parent	7b46268d29543e313e731606d845e65c17f232e4 (diff)
parent	ab3f285f227fec62868037e9b1b1fd18294a83b8 (diff)