
Commit bda646d

Merge tag 'kvm-s390-master-4.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux
KVM: s390: another fix for cmma migration

This fixes races and a potential use-after-free in the cmma migration code.
2 parents 0c5b9b5 + 1de1ea7 commit bda646d

1 file changed

+11
-7
lines changed

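--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -769,7 +769,7 @@ static void kvm_s390_sync_request_broadcast(struct kvm *kvm, int req)
 
 /*
 * Must be called with kvm->srcu held to avoid races on memslots, and with
-* kvm->lock to avoid races with ourselves and kvm_s390_vm_stop_migration.
+* kvm->slots_lock to avoid races with ourselves and kvm_s390_vm_stop_migration.
 */
 static int kvm_s390_vm_start_migration(struct kvm *kvm)
 {
@@ -825,7 +825,7 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm)
 }
 
 /*
-* Must be called with kvm->lock to avoid races with ourselves and
+* Must be called with kvm->slots_lock to avoid races with ourselves and
 * kvm_s390_vm_start_migration.
 */
 static int kvm_s390_vm_stop_migration(struct kvm *kvm)
@@ -840,6 +840,8 @@ static int kvm_s390_vm_stop_migration(struct kvm *kvm)
 
 if (kvm->arch.use_cmma) {
 kvm_s390_sync_request_broadcast(kvm, KVM_REQ_STOP_MIGRATION);
+/* We have to wait for the essa emulation to finish */
+synchronize_srcu(&kvm->srcu);
 vfree(mgs->pgste_bitmap);
 }
 kfree(mgs);
@@ -849,22 +851,20 @@ static int kvm_s390_vm_stop_migration(struct kvm *kvm)
 static int kvm_s390_vm_set_migration(struct kvm *kvm,
 struct kvm_device_attr *attr)
 {
-int idx, res = -ENXIO;
+int res = -ENXIO;
 
-mutex_lock(&kvm->lock);
+mutex_lock(&kvm->slots_lock);
 switch (attr->attr) {
 case KVM_S390_VM_MIGRATION_START:
-idx = srcu_read_lock(&kvm->srcu);
 res = kvm_s390_vm_start_migration(kvm);
-srcu_read_unlock(&kvm->srcu, idx);
 break;
 case KVM_S390_VM_MIGRATION_STOP:
 res = kvm_s390_vm_stop_migration(kvm);
 break;
 default:
 break;
 }
-mutex_unlock(&kvm->lock);
+mutex_unlock(&kvm->slots_lock);
 
 return res;
 }
@@ -1754,7 +1754,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
 r = -EFAULT;
 if (copy_from_user(&args, argp, sizeof(args)))
 break;
+mutex_lock(&kvm->slots_lock);
 r = kvm_s390_get_cmma_bits(kvm, &args);
+mutex_unlock(&kvm->slots_lock);
 if (!r) {
 r = copy_to_user(argp, &args, sizeof(args));
 if (r)
@@ -1768,7 +1770,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
 r = -EFAULT;
 if (copy_from_user(&args, argp, sizeof(args)))
 break;
+mutex_lock(&kvm->slots_lock);
 r = kvm_s390_set_cmma_bits(kvm, &args);
+mutex_unlock(&kvm->slots_lock);
 break;
 }
 default: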
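Review bot: The comment above kvm_s390_vm_start_migration in the first hunk still states the function "Must be called with kvm->srcu held to avoid races on memslots", yet the fourth hunk removes the srcu_read_lock()/srcu_read_unlock() pair around its only visible caller in kvm_s390_vm_set_migration, so the documented precondition and the caller now disagree. If slots_lock is sufficient to exclude memslot changes (presumably the intent, since memslot updates are normally serialised by it), the stale sentence should be replaced, e.g. `* Must be called with kvm->slots_lock held: it excludes memslot changes and` / `* races with ourselves and kvm_s390_vm_stop_migration.`; if the memslot walk inside the function still relies on srcu, the caller needs the read lock back instead. Either way the two should agree, because a reader trusting the comment will otherwise reintroduce an srcu section that no longer matches what the function needs, or assume protection that is not there. The body of kvm_s390_vm_start_migration lies outside the hunk, so which side is right cannot be confirmed from here.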
