diff options
author | Radim Krčmář <rkrcmar@redhat.com> | 2017-09-08 14:40:43 +0200 |
---|---|---|
committer | Radim Krčmář <rkrcmar@redhat.com> | 2017-09-08 14:40:43 +0200 |
commit | 5f54c8b2d4fad95d1f8ecbe023ebe6038e6d3760 (patch) | |
tree | daca83ea5f9af1bd158504bd0b5af89c5a99b7fa /arch/s390/include | |
parent | Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff) | |
parent | KVM: PPC: Book3S HV: Protect updates to spapr_tce_tables list (diff) | |
download | linux-5f54c8b2d4fad95d1f8ecbe023ebe6038e6d3760.tar.xz linux-5f54c8b2d4fad95d1f8ecbe023ebe6038e6d3760.zip |
Merge branch 'kvm-ppc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
This fix was intended for 4.13, but didn't get in because both
maintainers were on vacation.
Paul Mackerras:
"It adds mutual exclusion between list_add_rcu and list_del_rcu calls
on the kvm->arch.spapr_tce_tables list. Without this, userspace could
potentially trigger corruption of the list and cause a host crash or
worse."
Diffstat (limited to 'arch/s390/include')
-rw-r--r-- | arch/s390/include/asm/tlb.h | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/arch/s390/include/asm/tlb.h b/arch/s390/include/asm/tlb.h index 7317b3108a88..2eb8ff0d6fca 100644 --- a/arch/s390/include/asm/tlb.h +++ b/arch/s390/include/asm/tlb.h @@ -47,10 +47,9 @@ struct mmu_table_batch { extern void tlb_table_flush(struct mmu_gather *tlb); extern void tlb_remove_table(struct mmu_gather *tlb, void *table); -static inline void tlb_gather_mmu(struct mmu_gather *tlb, - struct mm_struct *mm, - unsigned long start, - unsigned long end) +static inline void +arch_tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, + unsigned long start, unsigned long end) { tlb->mm = mm; tlb->start = start; @@ -76,9 +75,15 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb) tlb_flush_mmu_free(tlb); } -static inline void tlb_finish_mmu(struct mmu_gather *tlb, - unsigned long start, unsigned long end) +static inline void +arch_tlb_finish_mmu(struct mmu_gather *tlb, + unsigned long start, unsigned long end, bool force) { + if (force) { + tlb->start = start; + tlb->end = end; + } + tlb_flush_mmu(tlb); } |