linux/arch/s390/kvm
David Hildenbrand c5c2c39346 KVM: s390: SCA must not cross page boundaries
We seemed to have missed a few corner cases in commit f6c137ff00
("KVM: s390: randomize sca address").

The SCA has a maximum size of 2112 bytes. By setting the sca_offset to
some unlucky numbers, we exceed the page.

0x7c0 (1984) -> Fits exactly
0x7d0 (2000) -> 16 bytes out
0x7e0 (2016) -> 32 bytes out
0x7f0 (2032) -> 48 bytes out

One VCPU entry is 32 bytes long.

For the last two cases, we actually write data to the other page.
1. The address of the VCPU.
2. Injection/delivery/clearing of SIGP external calls via SIGP IF.

Especially the 2. happens regularly. So this could produce two problems:
1. The guest losing/getting external calls.
2. Random memory overwrites in the host.

So this problem happens on every 127 + 128 created VM with 64 VCPUs.

Cc: stable@vger.kernel.org # v3.15+
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-10-29 15:58:41 +01:00
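
The offset arithmetic from the commit message above, worked through as an added example (not code from the kernel or from this commit). It assumes a 4096-byte page, a 64-byte SCA header (derived from 2112 - 64 * 32), and offsets advancing in 16-byte steps from 0 to 0x7f0; `sca_safe_offset` is a hypothetical guard, not the committed fix.

```c
#include <stdio.h>

/* Numbers from the commit message; the header size is derived from them. */
#define PAGE_SIZE   4096u
#define SCA_SIZE    2112u   /* maximum SCA size */
#define ENTRY_SIZE  32u     /* one VCPU entry */
#define NR_ENTRIES  64u     /* VCPUs per VM in the message */
#define HDR_SIZE    (SCA_SIZE - NR_ENTRIES * ENTRY_SIZE)   /* 64 bytes */

/* Bytes of the SCA that fall past the end of the page (0 if it fits). */
static unsigned sca_overhang(unsigned offset)
{
    unsigned end = offset + SCA_SIZE;
    return end > PAGE_SIZE ? end - PAGE_SIZE : 0;
}

/* Number of VCPU entries that start at or beyond the page boundary,
 * i.e. entries whose every field lives in the neighbouring page. */
static unsigned entries_off_page(unsigned offset)
{
    unsigned n = 0;
    for (unsigned i = 0; i < NR_ENTRIES; i++)
        if (offset + HDR_SIZE + i * ENTRY_SIZE >= PAGE_SIZE)
            n++;
    return n;
}

/* Hypothetical guard: fall back to offset 0 when the block would not fit. */
static unsigned sca_safe_offset(unsigned offset)
{
    return sca_overhang(offset) ? 0 : offset;
}

int main(void)
{
    /* Assumed offset sequence: 16-byte steps from 0 to 0x7f0 (128 values). */
    for (unsigned off = 0; off <= 0x7f0; off += 16)
        if (sca_overhang(off))
            printf("0x%03x: %2u bytes out, %u entries fully off page, safe -> 0x%x\n",
                   off, sca_overhang(off), entries_off_page(off),
                   sca_safe_offset(off));
    return 0;
}
```

At 0x7d0 only the tail of the last entry crosses the boundary, while at 0x7e0 and 0x7f0 the last entry starts in the neighbouring page.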
diag.c KVM: s390: add more debug data for the pfault diagnoses 2015-07-29 11:02:34 +02:00
gaccess.c KVM: s390: Add MEMOP ioctls for reading/writing guest memory 2015-03-17 16:26:24 +01:00
gaccess.h KVM: s390: Add MEMOP ioctls for reading/writing guest memory 2015-03-17 16:26:24 +01:00
guestdbg.c KVM: s390: filter space-switch events when PER is enforced 2015-07-29 10:36:22 +02:00
intercept.c KVM: s390: drop handling of interception code 12 2015-05-08 15:51:17 +02:00
interrupt.c KVM: s390: factor out reading of the guest TOD clock 2015-10-13 15:50:35 +02:00
irq.h KVM: s390: irq routing for adapter interrupts. 2014-03-21 13:43:00 +01:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
kvm-s390.c KVM: s390: SCA must not cross page boundaries 2015-10-29 15:58:41 +01:00
kvm-s390.h KVM: s390: factor out reading of the guest TOD clock 2015-10-13 15:50:35 +02:00
Makefile KVM: s390: hardware support for guest debugging 2014-04-22 13:24:51 +02:00
priv.c KVM: s390: factor out and fix setting of guest TOD clock 2015-10-13 15:50:35 +02:00
sigp.c KVM: s390: adapt debug entries for instruction handling 2015-07-29 11:02:35 +02:00
trace-s390.h KVM: s390: more irq names for trace events 2015-07-29 11:02:34 +02:00
trace.h KVM: s390: interpretive execution of SIGP EXTERNAL CALL 2014-05-16 14:57:28 +02:00