Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a9c20bb0 authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

Merge tag 'kvm-s390-master-5.3-1' of... 

Merge tag 'kvm-s390-master-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master

KVM: s390: Fixes for 5.3

- prevent a user triggerable oops in the migration code
- do not leak kernel stack content
parents 002c5f73 53936b5b

arch/s390/kvm/interrupt.c

+10 −0
Original line number Diff line number Diff line
@@ -1961,6 +1961,16 @@ int s390int_to_s390irq(struct kvm_s390_interrupt *s390int, 
	case KVM_S390_MCHK:

		irq->u.mchk.mcic = s390int->parm64;

		break;

	case KVM_S390_INT_PFAULT_INIT:

		irq->u.ext.ext_params = s390int->parm;

		irq->u.ext.ext_params2 = s390int->parm64;

		break;

	case KVM_S390_RESTART:

	case KVM_S390_INT_CLOCK_COMP:

	case KVM_S390_INT_CPU_TIMER:

		break;

	default:

		return -EINVAL;

	}

	return 0;

}

arch/s390/kvm/kvm-s390.c

+3 −1
Original line number Diff line number Diff line
@@ -1018,6 +1018,8 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm) 
	/* mark all the pages in active slots as dirty */

	for (slotnr = 0; slotnr < slots->used_slots; slotnr++) {

		ms = slots->memslots + slotnr;

		if (!ms->dirty_bitmap)

			return -EINVAL;

		/*

		 * The second half of the bitmap is only used on x86,

		 * and would be wasted otherwise, so we put it to good
@@ -4323,7 +4325,7 @@ long kvm_arch_vcpu_async_ioctl(struct file *filp, 
	}

	case KVM_S390_INTERRUPT: {

		struct kvm_s390_interrupt s390int;

		struct kvm_s390_irq s390irq;

		struct kvm_s390_irq s390irq = {};



		if (copy_from_user(&s390int, argp, sizeof(s390int)))

			return -EFAULT;