diff options
| author | Heiko Carstens <hca@linux.ibm.com> | 2024-03-20 10:38:58 +0100 |
|---|---|---|
| committer | Vasily Gorbik <gor@linux.ibm.com> | 2024-04-03 15:00:19 +0200 |
| commit | e6ec07dc6dd498415bc8cc49437d5ec9e09cc48e (patch) | |
| tree | 4f1711fba6b65705dcfbe6f9928e7f7105e03b7c /arch | |
| parent | Linux 6.9-rc2 (diff) | |
| download | linux-e6ec07dc6dd498415bc8cc49437d5ec9e09cc48e.tar.xz linux-e6ec07dc6dd498415bc8cc49437d5ec9e09cc48e.zip | |
s390/mm: fix NULL pointer dereference
The recently added check to figure out if a fault happened on gmap ASCE
dereferences the gmap pointer in lowcore without checking that it is not
NULL. For all non-KVM processes the pointer is NULL, so that some value
from lowcore will be read. With the current layouts of struct gmap and
struct lowcore the read value (aka ASCE) is zero, so that this doesn't lead
to any observable bug; at least currently.
Fix this by adding the missing NULL pointer check.
Fixes: 64c3431808bd ("s390/entry: compare gmap asce to determine guest/host fault")
Acked-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/s390/mm/fault.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c index c421dd44ffbe..0c66b32e0f9f 100644 --- a/arch/s390/mm/fault.c +++ b/arch/s390/mm/fault.c @@ -75,7 +75,7 @@ static enum fault_type get_fault_type(struct pt_regs *regs) if (!IS_ENABLED(CONFIG_PGSTE)) return KERNEL_FAULT; gmap = (struct gmap *)S390_lowcore.gmap; - if (regs->cr1 == gmap->asce) + if (gmap && gmap->asce == regs->cr1) return GMAP_FAULT; return KERNEL_FAULT; } |