Commit 0387db2d authored May 10, 2022 by Janis Schoetterl-Glausch Committed by Zheng Zengkai May 10, 2022

KVM: s390: Return error on SIDA memop on normal guest

stable inclusion
from stable-v5.10.100
commit b62267b8b06e9b8bb429ae8f962ee431e6535d60
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I4U746
CVE: CVE-2022-0516

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b62267b8b06e9b8bb429ae8f962ee431e6535d60



--------------------------------

commit 2c212e1b upstream.

Refuse SIDA memops on guests which are not protected.
For normal guests, the secure instruction data address designation,
which determines the location we access, is not under control of KVM.

Fixes: 19e12277 (KVM: S390: protvirt: Introduce instruction data area bounce buffer)
Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent 6b48ea3c

arch/s390/kvm/kvm-s390.c

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -4654,6 +4654,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu,
	return -EINVAL;		return -EINVAL;
	if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block))		if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block))
	return -E2BIG;		return -E2BIG;
			if (!kvm_s390_pv_cpu_is_protected(vcpu))
			return -EINVAL;

	switch (mop->op) {		switch (mop->op) {
	case KVM_S390_MEMOP_SIDA_READ:		case KVM_S390_MEMOP_SIDA_READ: