Here are two fixes for s390 KVM code that prevent:
1. a malicious user to trigger a kernel BUG 2. a malicious user to change the storage key of read-only pages -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABAgAGBQJT+y/oAAoJEBF7vIC1phx82FoP/0QRqR5Dw5W8nJFFCrft2n/9 lrFop/WvVeCtVUXbeYVLoUOFN3id6BAiZeessYS/T6V0HThCx2fKlxDZrik2hQ2o OtVTR0aIotPWTzMYxIapBPpo4j/LFyMbDgVg/VWgt8+89DSfocY3g7Zv/gwtwCZp dhHU6McCZrhsCKTC7IoAR33IsOaeGbkfMrFWQ30TfDam/dxB3i4ZBRhzCLSPmqu/ V+PNdYinXSZWvq7jFa6//x3gSwXTAZx643nHmIt94c5fXd7ZXxT8fD1dw1c6FHK3 mVwP/VRA2DeaDE2n7mkFUI6LxghQtNKyv1uF8QE1wVmLYGwrGSoSwt7uk5/hoqFi XSwWDPFRPhnBQ6NAyFi4DN4FGr2kPV/EUpKge6laY6dtfbpEQY0MnHMJj/vkKBZh fkZZ5Y2XlfY4QnuoDBMGsn65y0izkI0YlAsB0ett2gVjhhiW50XVAUFd5RbaVKSF cQlgvB/iLHmN01QmYlLfFFN942wYjWAnZR0BPCySBkzpNj8SIEzWNX5my653uSPX WCZRMXNE4+5oydhd4L4uBwd9QzQnHnUaXPA/VeOwtDWA8wiDXmKzQM2o1vq2Dbva in7FvD7z/JbPXQ/XF+DcwVtkghel3uke84QvpfJ2TkK6M5bjkCIl5eVRwiS2jMvM CJMO7HTreugz+ZrmHZxl =ED9q -----END PGP SIGNATURE----- Merge tag 'kvm-s390-20140825' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master Here are two fixes for s390 KVM code that prevent: 1. a malicious user to trigger a kernel BUG 2. a malicious user to change the storage key of read-only pages
This commit is contained in:
commit
0ac625df43
|
@ -1317,19 +1317,6 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
switch (kvm_run->exit_reason) {
|
||||
case KVM_EXIT_S390_SIEIC:
|
||||
case KVM_EXIT_UNKNOWN:
|
||||
case KVM_EXIT_INTR:
|
||||
case KVM_EXIT_S390_RESET:
|
||||
case KVM_EXIT_S390_UCONTROL:
|
||||
case KVM_EXIT_S390_TSCH:
|
||||
case KVM_EXIT_DEBUG:
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
}
|
||||
|
||||
vcpu->arch.sie_block->gpsw.mask = kvm_run->psw_mask;
|
||||
vcpu->arch.sie_block->gpsw.addr = kvm_run->psw_addr;
|
||||
if (kvm_run->kvm_dirty_regs & KVM_SYNC_PREFIX) {
|
||||
|
|
|
@ -986,11 +986,21 @@ int set_guest_storage_key(struct mm_struct *mm, unsigned long addr,
|
|||
pte_t *ptep;
|
||||
|
||||
down_read(&mm->mmap_sem);
|
||||
retry:
|
||||
ptep = get_locked_pte(current->mm, addr, &ptl);
|
||||
if (unlikely(!ptep)) {
|
||||
up_read(&mm->mmap_sem);
|
||||
return -EFAULT;
|
||||
}
|
||||
if (!(pte_val(*ptep) & _PAGE_INVALID) &&
|
||||
(pte_val(*ptep) & _PAGE_PROTECT)) {
|
||||
pte_unmap_unlock(*ptep, ptl);
|
||||
if (fixup_user_fault(current, mm, addr, FAULT_FLAG_WRITE)) {
|
||||
up_read(&mm->mmap_sem);
|
||||
return -EFAULT;
|
||||
}
|
||||
goto retry;
|
||||
}
|
||||
|
||||
new = old = pgste_get_lock(ptep);
|
||||
pgste_val(new) &= ~(PGSTE_GR_BIT | PGSTE_GC_BIT |
|
||||
|
|
Loading…
Reference in New Issue