git.baikalelectronics.ru Git - kernel.git/commit

author	David Hildenbrand <david@redhat.com>
	Fri, 3 Apr 2020 15:30:46 +0000 (17:30 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 17 Apr 2020 08:50:13 +0000 (10:50 +0200)
commit	bc921296d6d87c92c3d1a754b0b1afe8095769d3
tree	28d181671f19c42dc46edc4dc5fb8e95d6959274	tree \| snapshot
parent	81d5c7261e12dbf2d4769f15d027031511367595	commit \| diff

KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks

commit 29337f222f5fba75d527a9d2f705380e550cd1c2 upstream.

In case we have a region 1 the following calculation
(31 + ((gmap->asce & _ASCE_TYPE_MASK) >> 2)*11)
results in 64. As shifts beyond the size are undefined the compiler is
free to use instructions like sllg. sllg will only use 6 bits of the
shift value (here 64) resulting in no shift at all. That means that ALL
addresses will be rejected.

The can result in endless loops, e.g. when prefix cannot get mapped.

Fixes: b4453af3ac5b ("s390/mm: add shadow gmap support")
Tested-by: Janosch Frank <frankja@linux.ibm.com>
Reported-by: Janosch Frank <frankja@linux.ibm.com>
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: David Hildenbrand <david@redhat.com>
Link: https://lore.kernel.org/r/20200403153050.20569-2-david@redhat.com
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
[borntraeger@de.ibm.com: fix patch description, remove WARN_ON_ONCE]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>