Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0ac625df authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

Merge tag 'kvm-s390-20140825' of... 

Merge tag 'kvm-s390-20140825' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master

Here are two fixes for s390 KVM code that prevent:
1. a malicious user to trigger a kernel BUG
2. a malicious user to change the storage key of read-only pages
parents 30d1e0e8 ab3f285f

arch/s390/kvm/kvm-s390.c

+0 −13
Original line number Diff line number Diff line
@@ -1317,19 +1317,6 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) 
		return -EINVAL;

	}



	switch (kvm_run->exit_reason) {

	case KVM_EXIT_S390_SIEIC:

	case KVM_EXIT_UNKNOWN:

	case KVM_EXIT_INTR:

	case KVM_EXIT_S390_RESET:

	case KVM_EXIT_S390_UCONTROL:

	case KVM_EXIT_S390_TSCH:

	case KVM_EXIT_DEBUG:

		break;

	default:

		BUG();

	}



	vcpu->arch.sie_block->gpsw.mask = kvm_run->psw_mask;

	vcpu->arch.sie_block->gpsw.addr = kvm_run->psw_addr;

	if (kvm_run->kvm_dirty_regs & KVM_SYNC_PREFIX) {

arch/s390/mm/pgtable.c

+10 −0
Original line number Diff line number Diff line
@@ -986,11 +986,21 @@ int set_guest_storage_key(struct mm_struct *mm, unsigned long addr, 
	pte_t *ptep;



	down_read(&mm->mmap_sem);

retry:

	ptep = get_locked_pte(current->mm, addr, &ptl);

	if (unlikely(!ptep)) {

		up_read(&mm->mmap_sem);

		return -EFAULT;

	}

	if (!(pte_val(*ptep) & _PAGE_INVALID) &&

	     (pte_val(*ptep) & _PAGE_PROTECT)) {

			pte_unmap_unlock(*ptep, ptl);

			if (fixup_user_fault(current, mm, addr, FAULT_FLAG_WRITE)) {

				up_read(&mm->mmap_sem);

				return -EFAULT;

			}

			goto retry;

		}



	new = old = pgste_get_lock(ptep);

	pgste_val(new) &= ~(PGSTE_GR_BIT | PGSTE_GC_BIT |