aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCarsten Otte <cotte@de.ibm.com>2009-05-12 11:21:52 -0400
committerAvi Kivity <avi@redhat.com>2009-06-10 04:48:56 -0400
commit3edbcff9bfe2ed632e518b3cfe807d062cee8269 (patch)
treeda0f137814c3918bff991190197f3aadc69ea97d
parentabf4a71ed95ff29d696bf04633958b2068ed2e0b (diff)
KVM: s390: Sanity check on validity intercept
This patch adds a sanity check for the content of the guest prefix register content before faulting in the cpu lowcore that it refers to. The guest might end up in an endless loop where SIE complains about missing lowcore with incorrect content of the prefix register without this fix. Reported-by: Mijo Safradin <mijo@linux.vnet.ibm.com> Signed-off-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Christian Ehrhardt <ehrhardt@de.ibm.com> Signed-off-by: Avi Kivity <avi@redhat.com>
-rw-r--r--arch/s390/kvm/intercept.c28
1 files changed, 18 insertions, 10 deletions
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index 9d19803111ba..98997ccba501 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -154,17 +154,25 @@ static int handle_stop(struct kvm_vcpu *vcpu)
154static int handle_validity(struct kvm_vcpu *vcpu) 154static int handle_validity(struct kvm_vcpu *vcpu)
155{ 155{
156 int viwhy = vcpu->arch.sie_block->ipb >> 16; 156 int viwhy = vcpu->arch.sie_block->ipb >> 16;
157 int rc;
158
157 vcpu->stat.exit_validity++; 159 vcpu->stat.exit_validity++;
158 if (viwhy == 0x37) { 160 if ((viwhy == 0x37) && (vcpu->arch.sie_block->prefix
159 fault_in_pages_writeable((char __user *) 161 <= vcpu->kvm->arch.guest_memsize - 2*PAGE_SIZE)){
160 vcpu->kvm->arch.guest_origin + 162 rc = fault_in_pages_writeable((char __user *)
161 vcpu->arch.sie_block->prefix, 163 vcpu->kvm->arch.guest_origin +
162 PAGE_SIZE); 164 vcpu->arch.sie_block->prefix,
163 return 0; 165 2*PAGE_SIZE);
164 } 166 if (rc)
165 VCPU_EVENT(vcpu, 2, "unhandled validity intercept code %d", 167 /* user will receive sigsegv, exit to user */
166 viwhy); 168 rc = -ENOTSUPP;
167 return -ENOTSUPP; 169 } else
170 rc = -ENOTSUPP;
171
172 if (rc)
173 VCPU_EVENT(vcpu, 2, "unhandled validity intercept code %d",
174 viwhy);
175 return rc;
168} 176}
169 177
170static int handle_instruction(struct kvm_vcpu *vcpu) 178static int handle_instruction(struct kvm_vcpu *vcpu)