diff options
| author | Radim Krčmář <rkrcmar@redhat.com> | 2018-01-24 16:25:53 +0100 | 
|---|---|---|
| committer | Radim Krčmář <rkrcmar@redhat.com> | 2018-01-24 16:25:53 +0100 | 
| commit | bda646dd182a90ba4239fc62b71eb8b73126fa77 (patch) | |
| tree | 20d8139459e5ba7dd137c4471f3e655ddb70b03e | |
| parent | 0c5b9b5d9adbad4b60491f9ba0d2af38904bb4b9 (diff) | |
| parent | 1de1ea7efeb9e8543212210e34518b4049ccd285 (diff) | |
Merge tag 'kvm-s390-master-4.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux
KVM: s390: another fix for cmma migration
This fixes races and potential use after free in the
cmma migration code.
| -rw-r--r-- | arch/s390/kvm/kvm-s390.c | 18 | 
1 files changed, 11 insertions, 7 deletions
| diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 2598cf243b86..1371dff2b90d 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -769,7 +769,7 @@ static void kvm_s390_sync_request_broadcast(struct kvm *kvm, int req)  /*   * Must be called with kvm->srcu held to avoid races on memslots, and with - * kvm->lock to avoid races with ourselves and kvm_s390_vm_stop_migration. + * kvm->slots_lock to avoid races with ourselves and kvm_s390_vm_stop_migration.   */  static int kvm_s390_vm_start_migration(struct kvm *kvm)  { @@ -825,7 +825,7 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm)  }  /* - * Must be called with kvm->lock to avoid races with ourselves and + * Must be called with kvm->slots_lock to avoid races with ourselves and   * kvm_s390_vm_start_migration.   */  static int kvm_s390_vm_stop_migration(struct kvm *kvm) @@ -840,6 +840,8 @@ static int kvm_s390_vm_stop_migration(struct kvm *kvm)  	if (kvm->arch.use_cmma) {  		kvm_s390_sync_request_broadcast(kvm, KVM_REQ_STOP_MIGRATION); +		/* We have to wait for the essa emulation to finish */ +		synchronize_srcu(&kvm->srcu);  		vfree(mgs->pgste_bitmap);  	}  	kfree(mgs); @@ -849,14 +851,12 @@ static int kvm_s390_vm_stop_migration(struct kvm *kvm)  static int kvm_s390_vm_set_migration(struct kvm *kvm,  				     struct kvm_device_attr *attr)  { -	int idx, res = -ENXIO; +	int res = -ENXIO; -	mutex_lock(&kvm->lock); +	mutex_lock(&kvm->slots_lock);  	switch (attr->attr) {  	case KVM_S390_VM_MIGRATION_START: -		idx = srcu_read_lock(&kvm->srcu);  		res = kvm_s390_vm_start_migration(kvm); -		srcu_read_unlock(&kvm->srcu, idx);  		break;  	case KVM_S390_VM_MIGRATION_STOP:  		res = kvm_s390_vm_stop_migration(kvm); @@ -864,7 +864,7 @@ static int kvm_s390_vm_set_migration(struct kvm *kvm,  	default:  		break;  	} -	mutex_unlock(&kvm->lock); +	mutex_unlock(&kvm->slots_lock);  	return res;  } @@ -1754,7 +1754,9 @@ long kvm_arch_vm_ioctl(struct file *filp,  		r = -EFAULT;  		if (copy_from_user(&args, argp, sizeof(args)))  			break; +		mutex_lock(&kvm->slots_lock);  		r = kvm_s390_get_cmma_bits(kvm, &args); +		mutex_unlock(&kvm->slots_lock);  		if (!r) {  			r = copy_to_user(argp, &args, sizeof(args));  			if (r) @@ -1768,7 +1770,9 @@ long kvm_arch_vm_ioctl(struct file *filp,  		r = -EFAULT;  		if (copy_from_user(&args, argp, sizeof(args)))  			break; +		mutex_lock(&kvm->slots_lock);  		r = kvm_s390_set_cmma_bits(kvm, &args); +		mutex_unlock(&kvm->slots_lock);  		break;  	}  	default: | 
