Patch "s390/uv: Panic for set and remove shared access UVC errors" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    s390/uv: Panic for set and remove shared access UVC errors

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     s390-uv-panic-for-set-and-remove-shared-access-uvc-e.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 42160814e6e8270a17b8655ef323245d6fc53804
Author: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx>
Date:   Thu Aug 1 13:25:48 2024 +0200

    s390/uv: Panic for set and remove shared access UVC errors
    
    [ Upstream commit cff59d8631e1409ffdd22d9d717e15810181b32c ]
    
    The return value uv_set_shared() and uv_remove_shared() (which are
    wrappers around the share() function) is not always checked. The system
    integrity of a protected guest depends on the Share and Unshare UVCs
    being successful. This means that any caller that fails to check the
    return value will compromise the security of the protected guest.
    
    No code path that would lead to such violation of the security
    guarantees is currently exercised, since all the areas that are shared
    never get unshared during the lifetime of the system. This might
    change and become an issue in the future.
    
    The Share and Unshare UVCs can only fail in case of hypervisor
    misbehaviour (either a bug or malicious behaviour). In such cases there
    is no reasonable way forward, and the system needs to panic.
    
    This patch replaces the return at the end of the share() function with
    a panic, to guarantee system integrity.
    
    Fixes: 5abb9351dfd9 ("s390/uv: introduce guest side ultravisor code")
    Signed-off-by: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx>
    Reviewed-by: Christian Borntraeger <borntraeger@xxxxxxxxxxxxx>
    Reviewed-by: Steffen Eiden <seiden@xxxxxxxxxxxxx>
    Reviewed-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240801112548.85303-1-imbrenda@xxxxxxxxxxxxx
    Message-ID: <20240801112548.85303-1-imbrenda@xxxxxxxxxxxxx>
    [frankja@xxxxxxxxxxxxx: Fixed up patch subject]
    Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/s390/include/asm/uv.h b/arch/s390/include/asm/uv.h
index 12c5f006c1364..8fd441150a4e6 100644
--- a/arch/s390/include/asm/uv.h
+++ b/arch/s390/include/asm/uv.h
@@ -312,7 +312,10 @@ static inline int share(unsigned long addr, u16 cmd)
 
 	if (!uv_call(0, (u64)&uvcb))
 		return 0;
-	return -EINVAL;
+	pr_err("%s UVC failed (rc: 0x%x, rrc: 0x%x), possible hypervisor bug.\n",
+	       uvcb.header.cmd == UVC_CMD_SET_SHARED_ACCESS ? "Share" : "Unshare",
+	       uvcb.header.rc, uvcb.header.rrc);
+	panic("System security cannot be guaranteed unless the system panics now.\n");
 }
 
 /*




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux