From: Janis Schoetterl-Glausch scgl@linux.ibm.com
stable inclusion from stable-v5.10.100 commit b62267b8b06e9b8bb429ae8f962ee431e6535d60 bugzilla: https://gitee.com/src-openeuler/kernel/issues/I4U746 CVE: CVE-2022-0516
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 2c212e1baedcd782b2535a3f86bc491977677c0e upstream.
Refuse SIDA memops on guests which are not protected. For normal guests, the secure instruction data address designation, which determines the location we access, is not under control of KVM.
Fixes: 19e122776886 (KVM: S390: protvirt: Introduce instruction data area bounce buffer) Signed-off-by: Janis Schoetterl-Glausch scgl@linux.ibm.com Cc: stable@vger.kernel.org Signed-off-by: Christian Borntraeger borntraeger@linux.ibm.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Chen Jun chenjun102@huawei.com Reviewed-by: Weilong Chen chenweilong@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- arch/s390/kvm/kvm-s390.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 07a04f392600..d8e9239c24ff 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -4654,6 +4654,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu, return -EINVAL; if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block)) return -E2BIG; + if (!kvm_s390_pv_cpu_is_protected(vcpu)) + return -EINVAL;
switch (mop->op) { case KVM_S390_MEMOP_SIDA_READ: