Skip to content

Commit

Permalink
Merge tag 'kvm-s390-20140825' of git://git.kernel.org/pub/scm/linux/k…
Browse files Browse the repository at this point in the history 
…ernel/git/kvms390/linux into kvm-master

Here are two fixes for s390 KVM code that prevent:
1. a malicious user to trigger a kernel BUG
2. a malicious user to change the storage key of read-only pages
  • Loading branch information
Paolo Bonzini committed Aug 25, 2014
2 parents 30d1e0e + ab3f285 commit 0ac625d
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 13 deletions.
13 changes: 0 additions & 13 deletions arch/s390/kvm/kvm-s390.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1317,19 +1317,6 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
return -EINVAL;
}

switch (kvm_run->exit_reason) {
case KVM_EXIT_S390_SIEIC:
case KVM_EXIT_UNKNOWN:
case KVM_EXIT_INTR:
case KVM_EXIT_S390_RESET:
case KVM_EXIT_S390_UCONTROL:
case KVM_EXIT_S390_TSCH:
case KVM_EXIT_DEBUG:
break;
default:
BUG();
}

vcpu->arch.sie_block->gpsw.mask = kvm_run->psw_mask;
vcpu->arch.sie_block->gpsw.addr = kvm_run->psw_addr;
if (kvm_run->kvm_dirty_regs & KVM_SYNC_PREFIX) {
Expand Down
10 changes: 10 additions & 0 deletions arch/s390/mm/pgtable.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -986,11 +986,21 @@ int set_guest_storage_key(struct mm_struct *mm, unsigned long addr,
pte_t *ptep;

down_read(&mm->mmap_sem);
retry:
ptep = get_locked_pte(current->mm, addr, &ptl);
if (unlikely(!ptep)) {
up_read(&mm->mmap_sem);
return -EFAULT;
}
if (!(pte_val(*ptep) & _PAGE_INVALID) &&
(pte_val(*ptep) & _PAGE_PROTECT)) {
pte_unmap_unlock(*ptep, ptl);
if (fixup_user_fault(current, mm, addr, FAULT_FLAG_WRITE)) {
up_read(&mm->mmap_sem);
return -EFAULT;
}
goto retry;
}

new = old = pgste_get_lock(ptep);
pgste_val(new) &= ~(PGSTE_GR_BIT | PGSTE_GC_BIT |
Expand Down

0 comments on commit 0ac625d

Please sign in to comment.