releases/4.1.14/kvm-s390-fix-wrong-lookup-of-vcpus-by-array-index.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 152e9f65d66f0a3891efc3869440becc0e7ff53f Mon Sep 17 00:00:00 2001
 From: David Hildenbrand <dahi@linux.vnet.ibm.com>
 Date: Thu, 5 Nov 2015 09:06:06 +0100
 Subject: KVM: s390: fix wrong lookup of VCPUs by array index

 From: David Hildenbrand <dahi@linux.vnet.ibm.com>

 commit 152e9f65d66f0a3891efc3869440becc0e7ff53f upstream.

 For now, VCPUs were always created sequentially with incrementing
 VCPU ids. Therefore, the index in the VCPUs array matched the id.

 As sequential creation might change with cpu hotplug, let's use
 the correct lookup function to find a VCPU by id, not array index.

 Let's also use kvm_lookup_vcpu() for validation of the sending VCPU
 on external call injection.

 Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
 Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
 Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  arch/s390/kvm/interrupt.c |    3 +--
  arch/s390/kvm/sigp.c      |    8 ++------
  2 files changed, 3 insertions(+), 8 deletions(-)

 --- a/arch/s390/kvm/interrupt.c
 +++ b/arch/s390/kvm/interrupt.c
 @@ -1054,8 +1054,7 @@ static int __inject_extcall(struct kvm_v
  				   src_id, 0, 2);

  	/* sending vcpu invalid */
 -	if (src_id >= KVM_MAX_VCPUS ||
 -	    kvm_get_vcpu(vcpu->kvm, src_id) == NULL)
 +	if (kvm_get_vcpu_by_id(vcpu->kvm, src_id) == NULL)
  		return -EINVAL;

  	if (sclp_has_sigpif())
 --- a/arch/s390/kvm/sigp.c
 +++ b/arch/s390/kvm/sigp.c
 @@ -294,12 +294,8 @@ static int handle_sigp_dst(struct kvm_vc
  			   u16 cpu_addr, u32 parameter, u64 *status_reg)
  {
  	int rc;
 -	struct kvm_vcpu *dst_vcpu;
 +	struct kvm_vcpu *dst_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);

 -	if (cpu_addr >= KVM_MAX_VCPUS)
 -		return SIGP_CC_NOT_OPERATIONAL;
 -
 -	dst_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr);
  	if (!dst_vcpu)
  		return SIGP_CC_NOT_OPERATIONAL;

 @@ -481,7 +477,7 @@ int kvm_s390_handle_sigp_pei(struct kvm_
  	trace_kvm_s390_handle_sigp_pei(vcpu, order_code, cpu_addr);

  	if (order_code == SIGP_EXTERNAL_CALL) {
 -		dest_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr);
 +		dest_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);
  		BUG_ON(dest_vcpu == NULL);

  		kvm_s390_vcpu_wakeup(dest_vcpu);
	From 152e9f65d66f0a3891efc3869440becc0e7ff53f Mon Sep 17 00:00:00 2001
	From: David Hildenbrand <dahi@linux.vnet.ibm.com>
	Date: Thu, 5 Nov 2015 09:06:06 +0100
	Subject: KVM: s390: fix wrong lookup of VCPUs by array index

	From: David Hildenbrand <dahi@linux.vnet.ibm.com>

	commit 152e9f65d66f0a3891efc3869440becc0e7ff53f upstream.

	For now, VCPUs were always created sequentially with incrementing
	VCPU ids. Therefore, the index in the VCPUs array matched the id.

	As sequential creation might change with cpu hotplug, let's use
	the correct lookup function to find a VCPU by id, not array index.

	Let's also use kvm_lookup_vcpu() for validation of the sending VCPU
	on external call injection.

	Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
	Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
	Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	arch/s390/kvm/interrupt.c \| 3 +--
	arch/s390/kvm/sigp.c \| 8 ++------
	2 files changed, 3 insertions(+), 8 deletions(-)

	--- a/arch/s390/kvm/interrupt.c
	+++ b/arch/s390/kvm/interrupt.c
	@@ -1054,8 +1054,7 @@ static int __inject_extcall(struct kvm_v
	src_id, 0, 2);

	/* sending vcpu invalid */
	- if (src_id >= KVM_MAX_VCPUS \|\|
	- kvm_get_vcpu(vcpu->kvm, src_id) == NULL)
	+ if (kvm_get_vcpu_by_id(vcpu->kvm, src_id) == NULL)
	return -EINVAL;

	if (sclp_has_sigpif())
	--- a/arch/s390/kvm/sigp.c
	+++ b/arch/s390/kvm/sigp.c
	@@ -294,12 +294,8 @@ static int handle_sigp_dst(struct kvm_vc
	u16 cpu_addr, u32 parameter, u64 *status_reg)
	{
	int rc;
	- struct kvm_vcpu *dst_vcpu;
	+ struct kvm_vcpu *dst_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);

	- if (cpu_addr >= KVM_MAX_VCPUS)
	- return SIGP_CC_NOT_OPERATIONAL;
	-
	- dst_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr);
	if (!dst_vcpu)
	return SIGP_CC_NOT_OPERATIONAL;

	@@ -481,7 +477,7 @@ int kvm_s390_handle_sigp_pei(struct kvm_
	trace_kvm_s390_handle_sigp_pei(vcpu, order_code, cpu_addr);

	if (order_code == SIGP_EXTERNAL_CALL) {
	- dest_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr);
	+ dest_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);
	BUG_ON(dest_vcpu == NULL);

	kvm_s390_vcpu_wakeup(dest_vcpu);