On 25.02.20 18:19, Cornelia Huck wrote:
> On Mon, 24 Feb 2020 06:40:49 -0500
> Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:
>
>> From: Janosch Frank <frankja@xxxxxxxxxxxxx>
>>
>> Now that we can't access guest memory anymore, we have a dedicated
>> satellite block that's a bounce buffer for instruction data.
>>
>> We re-use the memop interface to copy the instruction data to / from
>> userspace. This lets us re-use a lot of QEMU code which used that
>> interface to make logical guest memory accesses which are not possible
>> anymore in protected mode anyway.
>>
>> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
>> Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
>> [borntraeger@xxxxxxxxxx: patch merging, splitting, fixing]
>> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
>> ---
>>  arch/s390/include/asm/kvm_host.h | 11 +++++-
>>  arch/s390/kvm/kvm-s390.c         | 65 ++++++++++++++++++++++++++++----
>>  arch/s390/kvm/pv.c               | 11 ++++++
>>  include/uapi/linux/kvm.h         |  9 ++++-
>>  4 files changed, 85 insertions(+), 11 deletions(-)
>>
>
> (...)
>
>> @@ -4512,8 +4540,8 @@ static long kvm_s390_guest_mem_op(struct kvm_vcpu *vcpu,
>>  		if (!tmpbuf)
>>  			return -ENOMEM;
>>  	}
>> -
>> -	srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
>> +	if (kvm_s390_pv_cpu_is_protected(vcpu))
>> +		return -EINVAL;
>
> Doesn't that leak tmpbuf (allocated right above)? Maybe just move that
> check up?

Nice catch. Fixed.
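Review bot: the new `if (kvm_s390_pv_cpu_is_protected(vcpu)) return -EINVAL;` sits after the `if (!tmpbuf) return -ENOMEM;` block, so on a protected vCPU the function returns directly with the buffer still allocated; either place the protected-mode check before the tmpbuf allocation (as the reviewer suggests) or return through the function's existing cleanup path that frees tmpbuf rather than with a bare `return -EINVAL`. The hunk also deletes `srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);` without showing where the SRCU read lock is re-acquired, so the remaining code paths below the check that touch guest memory need that lock taken first; that re-placement is outside this hunk and should be confirmed in the rest of the patch.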