Merge tag 'kvm-s390-master-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master

KVM: s390: Fixes for 5.3 - prevent a user triggerable oops in the migration code - do not leak kernel stack content
author: Paolo Bonzini <pbonzini@redhat.com> 2019-09-14 09:25:30 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2019-09-14 09:25:30 +0200
commit: a9c20bb0206ae9384bd470a6832dd8913730add9 (patch)
tree: 2a6bf3c6d9bc73c1c44c972143f6656927f50111 /arch/s390/kvm/kvm-s390.c
parent: 002c5f73c508f7df5681bda339831c27f3c1aef4 (diff)
parent: 53936b5bf35e140ae27e4bbf0447a61063f400da (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index f329dcb3f44c..39cff07bf2eb 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1018,6 +1018,8 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm)
 	/* mark all the pages in active slots as dirty */
 	for (slotnr = 0; slotnr < slots->used_slots; slotnr++) {
 		ms = slots->memslots + slotnr;
+		if (!ms->dirty_bitmap)
+			return -EINVAL;
 		/*
 		 * The second half of the bitmap is only used on x86,
 		 * and would be wasted otherwise, so we put it to good
@@ -4323,7 +4325,7 @@ long kvm_arch_vcpu_async_ioctl(struct file *filp,
 	}
 	case KVM_S390_INTERRUPT: {
 		struct kvm_s390_interrupt s390int;
-		struct kvm_s390_irq s390irq;
+		struct kvm_s390_irq s390irq = {};
 
 		if (copy_from_user(&s390int, argp, sizeof(s390int)))
 			return -EFAULT;
author	Paolo Bonzini <pbonzini@redhat.com>	2019-09-14 09:25:30 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2019-09-14 09:25:30 +0200
commit	a9c20bb0206ae9384bd470a6832dd8913730add9 (patch)
tree	2a6bf3c6d9bc73c1c44c972143f6656927f50111 /arch/s390/kvm/kvm-s390.c
parent	002c5f73c508f7df5681bda339831c27f3c1aef4 (diff)
parent	53936b5bf35e140ae27e4bbf0447a61063f400da (diff)