Message ID | 20220214140842.236308-1-cascardo@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Focal/Impish/Jammy] KVM: s390: Return error on SIDA memop on normal guest | expand |
Acked-by: Tim Gardner <tim.gardner@canonical.com> On 2/14/22 7:08 AM, Thadeu Lima de Souza Cascardo wrote: > From: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > > Refuse SIDA memops on guests which are not protected. > For normal guests, the secure instruction data address designation, > which determines the location we access, is not under control of KVM. > > Fixes: 19e122776886 (KVM: S390: protvirt: Introduce instruction data area bounce buffer) > Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > Cc: stable@vger.kernel.org > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> > (cherry picked from commit 2c212e1baedcd782b2535a3f86bc491977677c0e) > CVE-2022-0516 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > arch/s390/kvm/kvm-s390.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 08c1c8944f40..817f4deaae2d 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -4641,6 +4641,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu, > return -EINVAL; > if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block)) > return -E2BIG; > + if (!kvm_s390_pv_cpu_is_protected(vcpu)) > + return -EINVAL; > > switch (mop->op) { > case KVM_S390_MEMOP_SIDA_READ:
On 14.02.22 15:08, Thadeu Lima de Souza Cascardo wrote: > From: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > > Refuse SIDA memops on guests which are not protected. > For normal guests, the secure instruction data address designation, > which determines the location we access, is not under control of KVM. > > Fixes: 19e122776886 (KVM: S390: protvirt: Introduce instruction data area bounce buffer) > Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > Cc: stable@vger.kernel.org > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> > (cherry picked from commit 2c212e1baedcd782b2535a3f86bc491977677c0e) > CVE-2022-0516 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > arch/s390/kvm/kvm-s390.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 08c1c8944f40..817f4deaae2d 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -4641,6 +4641,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu, > return -EINVAL; > if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block)) > return -E2BIG; > + if (!kvm_s390_pv_cpu_is_protected(vcpu)) > + return -EINVAL; > > switch (mop->op) { > case KVM_S390_MEMOP_SIDA_READ:
On 14.02.22 15:08, Thadeu Lima de Souza Cascardo wrote: > From: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > > Refuse SIDA memops on guests which are not protected. > For normal guests, the secure instruction data address designation, > which determines the location we access, is not under control of KVM. > > Fixes: 19e122776886 (KVM: S390: protvirt: Introduce instruction data area bounce buffer) > Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > Cc: stable@vger.kernel.org > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> > (cherry picked from commit 2c212e1baedcd782b2535a3f86bc491977677c0e) > CVE-2022-0516 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- Applied to focal,impish:linux/master-next. Thanks. -Stefan > arch/s390/kvm/kvm-s390.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 08c1c8944f40..817f4deaae2d 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -4641,6 +4641,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu, > return -EINVAL; > if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block)) > return -E2BIG; > + if (!kvm_s390_pv_cpu_is_protected(vcpu)) > + return -EINVAL; > > switch (mop->op) { > case KVM_S390_MEMOP_SIDA_READ:
On Mon, Feb 14, 2022 at 11:08:42AM -0300, Thadeu Lima de Souza Cascardo wrote: > From: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > > Refuse SIDA memops on guests which are not protected. > For normal guests, the secure instruction data address designation, > which determines the location we access, is not under control of KVM. > > Fixes: 19e122776886 (KVM: S390: protvirt: Introduce instruction data area bounce buffer) > Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com> > Cc: stable@vger.kernel.org > Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> > (cherry picked from commit 2c212e1baedcd782b2535a3f86bc491977677c0e) > CVE-2022-0516 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Applied to jammy/linux. Thanks, -Andrea
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 08c1c8944f40..817f4deaae2d 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -4641,6 +4641,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu, return -EINVAL; if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block)) return -E2BIG; + if (!kvm_s390_pv_cpu_is_protected(vcpu)) + return -EINVAL; switch (mop->op) { case KVM_S390_MEMOP_SIDA_READ: