* [GIT PULL 0/2] KVM: s390: Fixes for 4.8 (via kvm/master)
From: Christian Borntraeger @ 2016-08-12 8:06 UTC (permalink / raw)
To: Paolo Bonzini, Radim Krčmář
Cc: KVM, Cornelia Huck, linux-s390, Christian Borntraeger, Julius Niedworok
Paolo, Radim,
two fixes for 4.8 which prevent a user triggerable WARN_ON_ONCE.
Found by Julius Niedworok with fuzzing.
The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:
Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git tags/kvm-s390-master-4.8-1
for you to fetch changes up to aca411a4b17a4aebe14ecdf253373db5b7ee6058:
KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed (2016-08-12 09:11:08 +0200)
----------------------------------------------------------------
KVM: s390: Fixes for 4.8 (via kvm/master)
Here are two fixes found by fuzzing of the ioctl interface.
Both cases can trigger a WARN_ON_ONCE from user space.
----------------------------------------------------------------
Julius Niedworok (2):
KVM: s390: set the prefix initially properly
KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed
arch/s390/kvm/kvm-s390.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
* [GIT PULL 1/2] KVM: s390: set the prefix initially properly
From: Christian Borntraeger @ 2016-08-12 8:06 UTC (permalink / raw)
To: Paolo Bonzini, Radim Krčmář
Cc: KVM, Cornelia Huck, linux-s390, Christian Borntraeger, Julius Niedworok
From: Julius Niedworok <jniedwor@linux.vnet.ibm.com>
When KVM_RUN is triggered on a VCPU without an initial reset, a
validity intercept occurs.
Setting the prefix will set the KVM_REQ_MMU_RELOAD bit initially,
thus preventing the bug.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Julius Niedworok <jniedwor@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
arch/s390/kvm/kvm-s390.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 3f3ae48..e63f6ed 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1672,6 +1672,7 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
KVM_SYNC_CRS |
KVM_SYNC_ARCH0 |
KVM_SYNC_PFAULT;
+ kvm_s390_set_prefix(vcpu, 0);
if (test_kvm_facility(vcpu->kvm, 64))
vcpu->run->kvm_valid_regs |= KVM_SYNC_RICCB;
/* fprs can be synchronized via vrs, even if the guest has no vx. With
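Review bot: on its own, the added `kvm_s390_set_prefix(vcpu, 0);` reads like a redundant zero-initialisation of a freshly allocated vcpu, while the commit message says its real purpose is the side effect of raising KVM_REQ_MMU_RELOAD so the prefix pages get mapped on the first KVM_RUN; that intent is not visible in the hunk, so a one-line comment above the call (e.g. `/* arms KVM_REQ_MMU_RELOAD so the prefix is mapped before the first run */`) would keep a later cleanup from dropping it as dead code.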
--
2.5.5
* [GIT PULL 2/2] KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed
From: Christian Borntraeger @ 2016-08-12 8:06 UTC (permalink / raw)
To: Paolo Bonzini, Radim Krčmář
Cc: KVM, Cornelia Huck, linux-s390, Christian Borntraeger, Julius Niedworok
From: Julius Niedworok <jniedwor@linux.vnet.ibm.com>
When triggering KVM_RUN without a user memory region being mapped
(KVM_SET_USER_MEMORY_REGION) a validity intercept occurs. This could
happen, if the user memory region was not mapped initially or if it
was unmapped after the vcpu is initialized. The function
kvm_s390_handle_requests checks for the KVM_REQ_MMU_RELOAD bit. The
check function always clears this bit. If gmap_mprotect_notify
returns an error code, the mapping failed, but the KVM_REQ_MMU_RELOAD
was not set anymore. So the next time kvm_s390_handle_requests is
called, the execution would fall through the check for
KVM_REQ_MMU_RELOAD. The bit needs to be reset, if
gmap_mprotect_notify returns an error code. Resetting the bit with
kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu) fixes the bug.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Julius Niedworok <jniedwor@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
arch/s390/kvm/kvm-s390.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index e63f6ed..f142215 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -2362,8 +2362,10 @@ retry:
rc = gmap_mprotect_notify(vcpu->arch.gmap,
kvm_s390_get_prefix(vcpu),
PAGE_SIZE * 2, PROT_WRITE);
- if (rc)
+ if (rc) {
+ kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu);
return rc;
+ }
goto retry;
}
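Review bot: the re-arm in the error path is correct but undocumented; since kvm_check_request is test-and-clear, the reason for `kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu);` right before `return rc;` is only recoverable from the commit message, so a short comment such as `/* check cleared the bit; re-arm so the next KVM_RUN retries the prefix mapping */` belongs above it. Worth stating in the commit message as well: the error is still returned to user space for this KVM_RUN, so a caller that never provides a memory region gets a failing ioctl each time rather than a spinning `goto retry`, which is the intended behaviour here.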
--
2.5.5
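The failure mode described in patch 2/2 is a general property of test-and-clear request bits: if the handler fails after the check consumed the bit, the next pass silently skips the work. The following is an added user-space model of that protocol, not kernel code and not the s390 implementation; every `model_*` name, the `-14` error value and the "fails N times, then succeeds" stand-in for gmap_mprotect_notify are constructed assumptions. It runs the same call sequence through the pre-patch logic and the patched logic so the difference is observable without an s390 host.

```c
/* Added example, not kernel code: a user-space model of the KVM request-bit
 * protocol behind patch 2/2.  kvm_check_request() is test-and-clear, so a
 * handler that fails after the check must re-arm the request or the next
 * pass silently skips the work.  All model_* names are assumptions. */
#include <stdbool.h>
#include <stdio.h>

#define MODEL_REQ_MMU_RELOAD 0x1u   /* stands in for KVM_REQ_MMU_RELOAD */

struct model_vcpu {
    unsigned int requests;      /* pending request bits */
    int mprotect_failures_left; /* constructed: how often the prefix mapping fails */
    int prefix_mapped;          /* 1 once the prefix pages were protected */
};

/* test-and-clear, mirroring the semantics of kvm_check_request() */
static bool model_check_request(unsigned int req, struct model_vcpu *vcpu)
{
    if (!(vcpu->requests & req))
        return false;
    vcpu->requests &= ~req;
    return true;
}

static void model_make_request(unsigned int req, struct model_vcpu *vcpu)
{
    vcpu->requests |= req;
}

/* Stand-in for gmap_mprotect_notify(): fails while no user memory region
 * backs the prefix, succeeds once one is present (constructed behaviour). */
static int model_mprotect_prefix(struct model_vcpu *vcpu)
{
    if (vcpu->mprotect_failures_left > 0) {
        vcpu->mprotect_failures_left--;
        return -14;             /* assumed error code, -EFAULT-like */
    }
    vcpu->prefix_mapped = 1;
    return 0;
}

/* One pass of the request handler.  fixed=false reproduces the pre-patch
 * logic: on failure the bit stays cleared.  fixed=true re-arms it. */
static int model_handle_requests(struct model_vcpu *vcpu, bool fixed)
{
retry:
    if (model_check_request(MODEL_REQ_MMU_RELOAD, vcpu)) {
        int rc = model_mprotect_prefix(vcpu);
        if (rc) {
            if (fixed)
                model_make_request(MODEL_REQ_MMU_RELOAD, vcpu);
            return rc;
        }
        goto retry;
    }
    return 0;
}

/* Drive KVM_RUN-like passes: the first fail_runs mapping attempts fail (no
 * memory region yet), then user space "maps" memory and runs once more.
 * Returns 1 if the prefix is mapped before the guest would run, 0 if the
 * handler fell through with the prefix still unmapped (the WARN path). */
int model_prefix_mapped_before_run(int fail_runs, bool fixed)
{
    struct model_vcpu vcpu = {
        .requests = 0,
        .mprotect_failures_left = fail_runs,
        .prefix_mapped = 0,
    };

    /* patch 1/2: setting the prefix at vcpu init arms the request */
    model_make_request(MODEL_REQ_MMU_RELOAD, &vcpu);

    for (int run = 0; run < fail_runs; run++)
        model_handle_requests(&vcpu, fixed); /* each of these returns an error */

    /* memory region now present; this KVM_RUN should map the prefix */
    model_handle_requests(&vcpu, fixed);
    return vcpu.prefix_mapped;
}

int main(void)
{
    printf("pre-patch: prefix mapped = %d\n", model_prefix_mapped_before_run(1, false));
    printf("patched:   prefix mapped = %d\n", model_prefix_mapped_before_run(1, true));
    return 0;
}
```

With one failing run the pre-patch model returns 0 (the request was consumed by the failed attempt and the later successful run never retries the mapping), while the patched model returns 1; with no failing run both return 1, which is why the bug only shows up when KVM_RUN is issued before a memory region exists.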
* Re: [GIT PULL 0/2] KVM: s390: Fixes for 4.8 (via kvm/master)
From: Radim Krčmář @ 2016-08-12 12:38 UTC (permalink / raw)
To: Christian Borntraeger
Cc: Paolo Bonzini, KVM, Cornelia Huck, linux-s390, Julius Niedworok
2016-08-12 10:06+0200, Christian Borntraeger:
> Paolo, Radim,
>
> two fixes for 4.8 which prevent a user triggerable WARN_ON_ONCE.
> Found by Julius Niedworok with fuzzing.
Pulled, thanks.
> The following changes since commit 29b4817d4018df78086157ea3a55c1d9424a7cfc:
>
> Linux 4.8-rc1 (2016-08-07 18:18:00 -0700)
>
> are available in the git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git tags/kvm-s390-master-4.8-1
>
> for you to fetch changes up to aca411a4b17a4aebe14ecdf253373db5b7ee6058:
>
> KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed (2016-08-12 09:11:08 +0200)
>
> ----------------------------------------------------------------
> KVM: s390: Fixes for 4.8 (via kvm/master)
>
> Here are two fixes found by fuzzing of the ioctl interface.
> Both cases can trigger a WARN_ON_ONCE from user space.
>
> ----------------------------------------------------------------
> Julius Niedworok (2):
> KVM: s390: set the prefix initially properly
> KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed
>
> arch/s390/kvm/kvm-s390.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>