Commit 78dd77ef authored by Christian Borntraeger's avatar Christian Borntraeger Committed by Cui GaoSheng
Browse files

KVM: s390: vsie: fix race during shadow creation 

stable inclusion
from stable-v6.1.82
commit 5df3b81a567eb565029563f26f374ae3803a1dfc
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9E2GQ


CVE: CVE-2023-52639

--------------------------------

[ Upstream commit fe752331d4b361d43cfd0b89534b4b2176057c32 ]

Right now it is possible to see gmap->private being zero in
kvm_s390_vsie_gmap_notifier resulting in a crash.  This is due to the
fact that we add gmap->private == kvm after creation:

static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
                               struct vsie_page *vsie_page)
{
[...]
        gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
        if (IS_ERR(gmap))
                return PTR_ERR(gmap);
        gmap->private = vcpu->kvm;

Let children inherit the private field of the parent.

Reported-by: default avatarMarc Hartmayer <mhartmay@linux.ibm.com>
Fixes: a3508fbe ("KVM: s390: vsie: initial support for nested virtualization")
Cc: <stable@vger.kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Reviewed-by: default avatarJanosch Frank <frankja@linux.ibm.com>
Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
Reviewed-by: default avatarClaudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: default avatarChristian Borntraeger <borntraeger@linux.ibm.com>
Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com


Signed-off-by: default avatarSasha Levin <sashal@kernel.org>

conflicts:
	arch/s390/kvm/vsie.c

Signed-off-by: default avatarCui GaoSheng <cuigaosheng1@huawei.com>
parent 9b7534a0
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment