From: Christian Borntraeger <borntraeger@de.ibm.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>
Cc: KVM <kvm@vger.kernel.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
linux-s390 <linux-s390@vger.kernel.org>,
Heiko Carstens <heiko.carstens@de.ibm.com>
Subject: [GIT PULL 10/12] KVM: s390: sthyi: remove invalid guest write access
Date: Wed, 30 Aug 2017 09:54:08 +0200 [thread overview]
Message-ID: <1504079650-82735-4-git-send-email-borntraeger@de.ibm.com> (raw)
In-Reply-To: <1504079650-82735-1-git-send-email-borntraeger@de.ibm.com>
From: Heiko Carstens <heiko.carstens@de.ibm.com>
handle_sthyi() always writes to guest memory if the sthyi function
code is zero in order to fault in the page that later is written to.
However a function code of zero does not necessarily mean that a write
to guest memory happens: if the KVM host is running as a second level
guest under z/VM 6.2 the sthyi instruction is indicated to be
available to the KVM host, however if the instruction is executed it
will always return with a return code that indicates "unsupported
function code".
In such a case handle_sthyi() must not write to guest memory. This
means that the prior write access to fault in the guest page may
result in invalid guest exceptions, and/or invalid data modification.
In order to be architecture compliant simply remove the write_guest()
call.
Given that the guest assumed a write access anyway, this fix does not
qualify for -stable. This just makes sure the sthyi handler is
architecture compliant.
Fixes: 95ca2cb57985 ("KVM: s390: Add sthyi emulation")
Reviewed-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
arch/s390/kvm/sthyi.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/arch/s390/kvm/sthyi.c b/arch/s390/kvm/sthyi.c
index a2e5c24..395926b 100644
--- a/arch/s390/kvm/sthyi.c
+++ b/arch/s390/kvm/sthyi.c
@@ -436,14 +436,6 @@ int handle_sthyi(struct kvm_vcpu *vcpu)
if (addr & ~PAGE_MASK)
return kvm_s390_inject_program_int(vcpu, PGM_SPECIFICATION);
- /*
- * If the page has not yet been faulted in, we want to do that
- * now and not after all the expensive calculations.
- */
- r = write_guest(vcpu, addr, reg2, &cc, 1);
- if (r)
- return kvm_s390_inject_prog_cond(vcpu, r);
-
sctns = (void *)get_zeroed_page(GFP_KERNEL);
if (!sctns)
return -ENOMEM;
--
2.7.4
next prev parent reply other threads:[~2017-08-30 7:54 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-30 7:54 [GIT PULL 00/12] KVM: s390: Fixes and features for 4.14 (kvm/next) Christian Borntraeger
2017-08-30 7:54 ` [GIT PULL 08/12] KVM: s390: Support Configuration z/Architecture Mode Christian Borntraeger
2017-08-30 7:54 ` [GIT PULL 09/12] KVM: s390: Multiple Epoch Facility support Christian Borntraeger
2017-08-30 7:54 ` Christian Borntraeger [this message]
2017-08-30 7:54 ` [GIT PULL 11/12] KVM: s390: expose no-DAT to guest and migration support Christian Borntraeger
2017-08-30 7:54 ` [GIT PULL 12/12] KVM: s390: we are always in czam mode Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1504079650-82735-4-git-send-email-borntraeger@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=heiko.carstens@de.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.