linux/arch/s390
David Hildenbrand c5c2c39346 KVM: s390: SCA must not cross page boundaries
We seem to have missed a few corner cases in commit f6c137ff00
("KVM: s390: randomize sca address").

The SCA has a maximum size of 2112 bytes. By setting the sca_offset to
some unlucky numbers, we exceed the page.

0x7c0 (1984) -> Fits exactly
0x7d0 (2000) -> 16 bytes out
0x7e0 (2016) -> 32 bytes out
0x7f0 (2032) -> 48 bytes out

One VCPU entry is 32 bytes long.

For the last two cases, we actually write data to the other page.
1. The address of the VCPU.
2. Injection/delivery/clearing of SIGP external calls via SIGP IF.

Especially the second one happens regularly. So this could produce two problems:
1. The guest losing/getting external calls.
2. Random memory overwrites in the host.

So this problem happens on every 127 + 128 created VM with 64 VCPUs.

Cc: stable@vger.kernel.org # v3.15+
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-10-29 15:58:41 +01:00
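The arithmetic behind the four offsets listed in the commit message, as an added example that is not code from the kernel or from this commit. It assumes a 4096-byte page and takes the 2112-byte SCA size and 32-byte VCPU entry size from the message; the old stepping rule `(off + 16) & 0x7f0` is an assumption inferred from the largest listed offset, and `next_offset_fixed` models the kind of bound check the fix needs (advance, then wrap to 0 whenever the block would cross the page), not necessarily the exact code the commit carries.

```c
#include <stdio.h>

#define PAGE_SIZE      4096u   /* assumption: 4 KiB page */
#define SCA_BLOCK_SIZE 2112u   /* maximum SCA size, from the commit message */
#define SCA_CPU_ENTRY  32u     /* one VCPU entry, from the commit message */

/* Bytes of the SCA that land beyond the end of the page for this sca_offset. */
unsigned sca_overflow_bytes(unsigned sca_offset)
{
    unsigned end = sca_offset + SCA_BLOCK_SIZE;
    return end > PAGE_SIZE ? end - PAGE_SIZE : 0;
}

/* VCPU entries, counted from the end of the SCA, that are at least partly off-page. */
unsigned sca_vcpus_offpage(unsigned sca_offset)
{
    unsigned over = sca_overflow_bytes(sca_offset);
    return (over + SCA_CPU_ENTRY - 1) / SCA_CPU_ENTRY;
}

/* Assumed old randomization step: 16-byte stride, masked to 0..0x7f0. */
unsigned next_offset_old(unsigned off)
{
    return (off + 16) & 0x7f0;
}

/* Bounded step: 16-byte stride, wrap to 0 as soon as the block would cross the page. */
unsigned next_offset_fixed(unsigned off)
{
    off += 16;
    if (off + SCA_BLOCK_SIZE > PAGE_SIZE)
        off = 0;
    return off;
}

/* Walk one full cycle of a stepping rule from offset 0 and count page-crossing offsets. */
static unsigned count_bad_offsets(unsigned (*step)(unsigned))
{
    unsigned bad = 0, off = 0, guard = 0;
    do {
        if (sca_overflow_bytes(off))
            bad++;
        off = step(off);
    } while (off != 0 && ++guard < PAGE_SIZE);  /* guard: never spin forever */
    return bad;
}

unsigned count_bad_offsets_old(void)   { return count_bad_offsets(next_offset_old); }
unsigned count_bad_offsets_fixed(void) { return count_bad_offsets(next_offset_fixed); }

int main(void)
{
    static const unsigned offs[] = { 0x7c0, 0x7d0, 0x7e0, 0x7f0 };
    for (unsigned i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("sca_offset 0x%03x (%4u): %2u bytes out, %u VCPU entries off-page\n",
               offs[i], offs[i], sca_overflow_bytes(offs[i]), sca_vcpus_offpage(offs[i]));
    printf("page-crossing offsets per cycle: old=%u fixed=%u\n",
           count_bad_offsets_old(), count_bad_offsets_fixed());
    return 0;
}
```

With the assumed old rule the cycle visits 128 offsets and three of them (0x7d0, 0x7e0, 0x7f0) push the SCA past the page; the bounded step stops at 0x7c0, the last offset where the 2112-byte block still fits exactly, so no offset in its cycle crosses the page.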
appldata s390: appldata: drop owner assignment from platform_drivers 2014-10-20 16:20:13 +02:00
boot lib/decompressors: use real out buf size for gunzip with kernel 2015-09-10 13:29:01 -07:00
configs s390/configs//zfcpdump_defconfig: Remove CONFIG_MEMSTICK 2015-09-17 13:43:44 +02:00
crypto s390/crypto: add cpu feature modaliases for crypto modules 2015-07-22 09:58:02 +02:00
hypfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
include AMD fixes for bugs introduced in the 4.2 merge window, 2015-09-25 10:51:40 -07:00
kernel s390: wire up separate socketcalls system calls 2015-09-18 11:16:53 +02:00
kvm KVM: s390: SCA must not cross page boundaries 2015-10-29 15:58:41 +01:00
lib Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-03 15:46:07 -07:00
mm libnvdimm for 4.3: 2015-09-08 14:35:59 -07:00
net bpf: s390: Fix build error caused by the struct bpf_array member name changed 2015-08-11 11:49:40 -07:00
numa s390/numa: make core to node mapping data dynamic 2015-08-07 09:57:38 +02:00
oprofile s390/oprofile: fix compile error 2015-07-01 09:34:39 +02:00
pci dma-mapping: consolidate dma_set_mask 2015-09-10 13:29:01 -07:00
defconfig s390: new default configuration 2015-06-25 09:39:25 +02:00
Kbuild s390/numa: add core infrastructure 2015-08-03 18:40:25 +02:00
Kconfig kexec: split kexec_load syscall from kexec core code 2015-09-10 13:29:01 -07:00
Kconfig.debug Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 2013-04-30 17:04:09 -07:00
Makefile s390/sclp: convert early sclp console code to C 2015-07-29 09:11:39 +02:00