diff options
author | David Hildenbrand <david@redhat.com> | 2020-04-03 17:30:46 +0200 |
---|---|---|
committer | Christian Borntraeger <borntraeger@de.ibm.com> | 2020-04-07 13:12:18 +0200 |
commit | a1d032a49522cb5368e5dfb945a85899b4c74f65 (patch) | |
tree | 24edd0806ead1a342d2bc31e921d27593f943aef /arch/s390/kvm | |
parent | 8c1b724ddb218f221612d4c649bc9c7819d8d7a6 (diff) | |
download | linux-stable-a1d032a49522cb5368e5dfb945a85899b4c74f65.tar.gz linux-stable-a1d032a49522cb5368e5dfb945a85899b4c74f65.tar.bz2 linux-stable-a1d032a49522cb5368e5dfb945a85899b4c74f65.zip |
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
In case we have a region 1 the following calculation
(31 + ((gmap->asce & _ASCE_TYPE_MASK) >> 2)*11)
results in 64. As shifts beyond the size are undefined the compiler is
free to use instructions like sllg. sllg will only use 6 bits of the
shift value (here 64) resulting in no shift at all. That means that ALL
addresses will be rejected.
The can result in endless loops, e.g. when prefix cannot get mapped.
Fixes: 4be130a08420 ("s390/mm: add shadow gmap support")
Tested-by: Janosch Frank <frankja@linux.ibm.com>
Reported-by: Janosch Frank <frankja@linux.ibm.com>
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: David Hildenbrand <david@redhat.com>
Link: https://lore.kernel.org/r/20200403153050.20569-2-david@redhat.com
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
[borntraeger@de.ibm.com: fix patch description, remove WARN_ON_ONCE]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Diffstat (limited to 'arch/s390/kvm')
0 files changed, 0 insertions, 0 deletions