authorMichal Suchanek <msuchanek@suse.de>2018-10-31 13:27:38 +0100
committerMichal Suchanek <msuchanek@suse.de>2018-10-31 23:28:44 +0100
commit96e80128bf3f778b8a8a81b15c0f6b781af62d14 (patch)
treec36ead62f72eb244548d96ad436d581ec44d8afd
parent2c77d8d71138ea2b677e58cc3baab8b2cfb186c2 (diff)
KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under
kvm->lock (bsc#1061840).
-rw-r--r--patches.arch/KVM-PPC-Book3S-HV-Read-kvm-arch.emul_smt_mode-under-.patch68
-rw-r--r--series.conf1
2 files changed, 69 insertions, 0 deletions
diff --git a/patches.arch/KVM-PPC-Book3S-HV-Read-kvm-arch.emul_smt_mode-under-.patch b/patches.arch/KVM-PPC-Book3S-HV-Read-kvm-arch.emul_smt_mode-under-.patch
new file mode 100644
index 0000000000..7296641f7d
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-Read-kvm-arch.emul_smt_mode-under-.patch
@@ -0,0 +1,68 @@
+From b5c6f7607b908b1445f2556c8d2f3b1ec5fc5aa8 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Thu, 26 Jul 2018 15:38:41 +1000
+Subject: [PATCH] KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under
+ kvm->lock
+
+References: bsc#1061840
+Patch-mainline: v4.19-rc1
+Git-commit: b5c6f7607b908b1445f2556c8d2f3b1ec5fc5aa8
+
+Commit 1e175d2 ("KVM: PPC: Book3S HV: Pack VCORE IDs to access full
+VCPU ID space", 2018-07-25) added code that uses kvm->arch.emul_smt_mode
+before any VCPUs are created. However, userspace can change
+kvm->arch.emul_smt_mode at any time up until the first VCPU is created.
+Hence it is (theoretically) possible for the check in
+kvmppc_core_vcpu_create_hv() to race with another userspace thread
+changing kvm->arch.emul_smt_mode.
+
+This fixes it by moving the test that uses kvm->arch.emul_smt_mode into
+the block where kvm->lock is held.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/kvm/book3s_hv.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
+index 785245e09f32..113f81577668 100644
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -1989,16 +1989,10 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
+ unsigned int id)
+ {
+ struct kvm_vcpu *vcpu;
+- int err = -EINVAL;
++ int err;
+ int core;
+ struct kvmppc_vcore *vcore;
+
+- if (id >= (KVM_MAX_VCPUS * kvm->arch.emul_smt_mode) &&
+- cpu_has_feature(CPU_FTR_ARCH_300)) {
+- pr_devel("DNCI: VCPU ID too high\n");
+- goto out;
+- }
+-
+ err = -ENOMEM;
+ vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
+ if (!vcpu)
+@@ -2055,8 +2049,13 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
+ vcore = NULL;
+ err = -EINVAL;
+ if (cpu_has_feature(CPU_FTR_ARCH_300)) {
+- BUG_ON(kvm->arch.smt_mode != 1);
+- core = kvmppc_pack_vcpu_id(kvm, id);
++ if (id >= (KVM_MAX_VCPUS * kvm->arch.emul_smt_mode)) {
++ pr_devel("KVM: VCPU ID too high\n");
++ core = KVM_MAX_VCORES;
++ } else {
++ BUG_ON(kvm->arch.smt_mode != 1);
++ core = kvmppc_pack_vcpu_id(kvm, id);
++ }
+ } else {
+ core = id / kvm->arch.smt_mode;
+ }
+--
+2.13.7
+
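Review bot: The new rejection branch `core = KVM_MAX_VCORES;` only becomes an -EINVAL return if the code following the second nested hunk still compares `core` against KVM_MAX_VCORES before using it; that comparison, like the kvm->lock acquisition the commit message says the check now sits under, lies outside the hunk and cannot be confirmed here (kvmppc_core_vcpu_create_hv continues past both hunks). Because the emul_smt_mode test now runs after kmem_cache_zalloc, an out-of-range id allocates and then frees a vcpu before being rejected, which is harmless for correctness but not obvious to a later reader; a one-line comment above the new `if`, such as `/* emul_smt_mode may change until the first VCPU exists; test it under kvm->lock */`, would record why the check moved. The pr_devel prefix also changes from "DNCI:" to "KVM:", a visible log-text difference from the removed lines that the message does not mention.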
diff --git a/series.conf b/series.conf
index 7f3f7cdf65..00c2ecb9e1 100644
--- a/series.conf
+++ b/series.conf
@@ -17783,6 +17783,7 @@
patches.arch/KVM-PPC-Book3S-HV-Fix-constant-size-warning.patch
patches.arch/KVM-PPC-Book3S-HV-Pack-VCORE-IDs-to-access-full-VCPU.patch
patches.arch/KVM-PPC-Book3S-HV-Allow-creating-max-number-of-VCPUs.patch
+ patches.arch/KVM-PPC-Book3S-HV-Read-kvm-arch.emul_smt_mode-under-.patch
patches.fixes/kvm-s390-add-etoken-support-for-guests.patch
patches.arch/kvm-nvmx-fix-fault-vector-for-vmx-operation-at-cpl-0
patches.arch/kvm-vmx-track-host_state-loaded-using-a-loaded_vmcs-pointer