[v7,15/15] KVM: s390: fix possible null pointer dereference in pending_irqs()

Message ID 20190131085247.13826-16-mimu@linux.ibm.com (mailing list archive)
State New, archived

Commit Message

Michael Mueller Jan. 31, 2019, 8:52 a.m. UTC

Assure a GISA is in use before accessing the IPM to avoid a
null pointer dereference issue.

Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
Reported-by: Halil Pasic <pasic@linux.ibm.com>
---
 arch/s390/kvm/interrupt.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Comments

Cornelia Huck Jan. 31, 2019, 5:47 p.m. UTC | #1
On Thu, 31 Jan 2019 09:52:46 +0100
Michael Mueller <mimu@linux.ibm.com> wrote:

> Assure a GISA is in use before accessing the IPM to avoid a
> null pointer dereference issue.

This series can hopefully make it into the next merge window;
otherwise, queuing a patch fixing up the original code would be good.

> 
> Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
> Reported-by: Halil Pasic <pasic@linux.ibm.com>
> ---
>  arch/s390/kvm/interrupt.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Pierre Morel Feb. 1, 2019, 9:36 a.m. UTC | #2
On 31/01/2019 09:52, Michael Mueller wrote:
> Assure a GISA is in use before accessing the IPM to avoid a
> null pointer dereference issue.
> 
> Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
> Reported-by: Halil Pasic <pasic@linux.ibm.com>
> ---
>   arch/s390/kvm/interrupt.c | 10 +++++++---
>   1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
> index d322400ca587..660ec87b6e60 100644
> --- a/arch/s390/kvm/interrupt.c
> +++ b/arch/s390/kvm/interrupt.c
> @@ -329,9 +329,13 @@ static inline unsigned long pending_irqs_no_gisa(struct kvm_vcpu *vcpu)
>   
>   static inline unsigned long pending_irqs(struct kvm_vcpu *vcpu)
>   {
> -	return pending_irqs_no_gisa(vcpu) |
> -		gisa_get_ipm(vcpu->kvm->arch.gisa_int.origin) <<
> -			IRQ_PEND_IO_ISC_7;
> +	struct kvm_s390_gisa_interrupt *gi = &vcpu->kvm->arch.gisa_int;
> +	unsigned long pending_mask;
> +
> +	pending_mask = pending_irqs_no_gisa(vcpu);
> +	if (gi->origin)
> +		pending_mask |= gisa_get_ipm(gi->origin) << IRQ_PEND_IO_ISC_7;
> +	return pending_mask;
>   }
>   
>   static inline int isc_to_irq_type(unsigned long isc)
> 
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>

Christian Borntraeger Feb. 5, 2019, 8:57 a.m. UTC | #3
On 31.01.2019 18:47, Cornelia Huck wrote:
> On Thu, 31 Jan 2019 09:52:46 +0100
> Michael Mueller <mimu@linux.ibm.com> wrote:
> 
>> Assure a GISA is in use before accessing the IPM to avoid a
>> null pointer dereference issue.
> 
> This series can hopefully make it into the next merge window;
> otherwise, queuing a patch fixing up the original code would be good.

Yes, I plan to apply this series today.
> 
>>
>> Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
>> Reported-by: Halil Pasic <pasic@linux.ibm.com>
>> ---
>>  arch/s390/kvm/interrupt.c | 10 +++++++---
>>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
>
Patch

diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index d322400ca587..660ec87b6e60 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -329,9 +329,13 @@  static inline unsigned long pending_irqs_no_gisa(struct kvm_vcpu *vcpu)
 
 static inline unsigned long pending_irqs(struct kvm_vcpu *vcpu)
 {
-	return pending_irqs_no_gisa(vcpu) |
-		gisa_get_ipm(vcpu->kvm->arch.gisa_int.origin) <<
-			IRQ_PEND_IO_ISC_7;
+	struct kvm_s390_gisa_interrupt *gi = &vcpu->kvm->arch.gisa_int;
+	unsigned long pending_mask;
+
+	pending_mask = pending_irqs_no_gisa(vcpu);
+	if (gi->origin)
+		pending_mask |= gisa_get_ipm(gi->origin) << IRQ_PEND_IO_ISC_7;
+	return pending_mask;
 }
 
 static inline int isc_to_irq_type(unsigned long isc)
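Review bot: the `if (gi->origin)` guard removes the unconditional dereference, but the commit message carries no Fixes: tag; a null-pointer-dereference fix that stable trees may want should name the commit that introduced the unconditional `gisa_get_ipm(vcpu->kvm->arch.gisa_int.origin)` access (that commit is not shown on this page). A one-line comment above the check stating that `origin` is NULL when no GISA is in use for this VM would also make the intent self-explanatory, since "assure a GISA is in use" in the commit message is otherwise the only place the meaning of the check is spelled out.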