Fix prefix register checking in arch/s390/kvm/sigp.c

Carsten Otte <carsteno@xxxxxxxxxx> · Mon, 30 Nov 2009 17:14:41 +0100

This patch corrects the checking of the new address for the prefix register.
On s390, the prefix register is used to address the cpu's lowcore (address
0...8k). This check is supposed to verify that the memory is readable and
present.
copy_from_guest is a helper function, that can be used to read from guest
memory. It applies prefixing, adds the start address of the guest memory in
user, and then calls copy_from_user. Previous code was obviously broken for
two reasons:
- prefixing should not be applied here. The current prefix register is
  going to be updated soon, and the address we're looking for will be
  0..8k after we've updated the register
- we're adding the guest origin (gmsor) twice: once in subject code
  and once in copy_from_guest

With kuli, we did not hit this problem because (a) we were lucky with
previous prefix register content, and (b) our guest memory was mmaped
very low into user address space.

This patch should go into 2.6.32, it prevents running smp guests with qemu.

Signed-off-by: Carsten Otte <cotte@xxxxxxxxxx>
Reported-by: Alexander Graf <agraf@xxxxxxx>
---
 sigp.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
Index: kvm/arch/s390/kvm/sigp.c
===================================================================

--- kvm.orig/arch/s390/kvm/sigp.c	2009-10-13 11:09:04.000000000 +0200
+++ kvm/arch/s390/kvm/sigp.c	2009-11-30 16:46:21.000000000 +0100
@@ -188,9 +188,9 @@
 
 	/* make sure that the new value is valid memory */
 	address = address & 0x7fffe000u;
-	if ((copy_from_guest(vcpu, &tmp,
-		(u64) (address + vcpu->arch.sie_block->gmsor) , 1)) ||
-	   (copy_from_guest(vcpu, &tmp, (u64) (address +
+	if ((copy_from_user(&tmp, (void __user *)
+		(address + vcpu->arch.sie_block->gmsor) , 1)) ||
+	   (copy_from_user(&tmp, (void __user *)(address +
 			vcpu->arch.sie_block->gmsor + PAGE_SIZE), 1))) {
 		*reg |= SIGP_STAT_INVALID_PARAMETER;
 		return 1; /* invalid parameter */
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




