From patchwork Tue May 12 15:21:51 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ehrhardt@linux.vnet.ibm.com X-Patchwork-Id: 23272
From: ehrhardt@linux.vnet.ibm.com To: Avi Kivity , kvm@vger.kernel.org Cc: ehrhardt@linux.vnet.ibm.com, Christian Borntraeger , Carsten Otte , Heiko Carstens , Martin Schwidefsky Subject: [PATCH 4/6]: kvm-s390: Unlink vcpu on destroy - v2 Date: Tue, 12 May 2009 17:21:51 +0200 Message-Id: <1242141713-20863-5-git-send-email-ehrhardt@linux.vnet.ibm.com> X-Mailer: git-send-email 1.5.6.3 In-Reply-To: <1242141713-20863-1-git-send-email-ehrhardt@linux.vnet.ibm.com> References: <1242141713-20863-1-git-send-email-ehrhardt@linux.vnet.ibm.com> Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Carsten Otte This patch makes sure we do unlink a vcpu's sie control block from the system control area in kvm_arch_vcpu_destroy. This prevents illegal accesses to the sie control block from other virtual cpus after free. Reported-by: Mijo Safradin Signed-off-by: Carsten Otte Signed-off-by: Christian Ehrhardt --- kvm-s390.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) Index: kvm/arch/s390/kvm/kvm-s390.c =================================================================== --- kvm.orig/arch/s390/kvm/kvm-s390.c +++ kvm/arch/s390/kvm/kvm-s390.c @@ -195,6 +195,10 @@ out_nokvm: void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) { VCPU_EVENT(vcpu, 3, "%s", "free cpu"); + if (vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda == + (__u64) vcpu->arch.sie_block) + vcpu->kvm->arch.sca->cpu[vcpu->vcpu_id].sda = 0; + smp_mb(); free_page((unsigned long)(vcpu->arch.sie_block)); kvm_vcpu_uninit(vcpu); kfree(vcpu); 
@@ -307,8 +311,10 @@ struct kvm_vcpu *kvm_arch_vcpu_create(st vcpu->arch.sie_block->icpua = id; BUG_ON(!kvm->arch.sca); - BUG_ON(kvm->arch.sca->cpu[id].sda); - kvm->arch.sca->cpu[id].sda = (__u64) vcpu->arch.sie_block; + if (!kvm->arch.sca->cpu[id].sda) + kvm->arch.sca->cpu[id].sda = (__u64) vcpu->arch.sie_block; + else + BUG_ON(!kvm->vcpus[id]); /* vcpu does already exist */ vcpu->arch.sie_block->scaoh = (__u32)(((__u64)kvm->arch.sca) >> 32); vcpu->arch.sie_block->scaol = (__u32)(__u64)kvm->arch.sca;
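Review bot: In the kvm_arch_vcpu_destroy hunk (@@ -195,6 +195,10 @@), the smp_mb() before free_page() has no comment saying which reader-side access it pairs with, and on its own it only orders the clearing of sda against the free on this CPU. A vcpu that loaded cpu[vcpu_id].sda before the store of 0 can still hold the old pointer when free_page() runs, and nothing in the visible lines waits for or excludes such a reader, so the use-after-free window described in the commit message is narrowed rather than provably closed. Please add a comment naming the paired barrier or the lock that serialises readers of the SCA entry, or do the unlink and free under that lock. The compare before the clear also deserves a one-line comment explaining why the slot may legitimately point at a different sie_block, since a reader of this function alone cannot tell when the condition is false.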
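Review bot: In the kvm_arch_vcpu_create hunk (@@ -307,8 +311,10 @@), the else branch only asserts BUG_ON(!kvm->vcpus[id]) and then falls through, so when cpu[id].sda is already set the function keeps initialising the new sie_block (scaoh, scaol) while the SCA entry still points at the existing vcpu's block. If creating a second vcpu with an id that is already in use is meant to fail, this branch should unwind and return an error here rather than continue; if the duplicate is rejected later by common code, the comment should say where, because that is not visible in this hunk. The trailing comment "vcpu does already exist" would also read better on its own line above the BUG_ON, stating that the new vcpu must not overwrite the live entry and that the compare in kvm_arch_vcpu_destroy relies on this.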