From: David Hildenbrand
To: kvm@vger.kernel.org
Cc: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, Vasily Gorbik, Heiko Carstens, Cornelia Huck, Janosch Frank, Christian Borntraeger, David Hildenbrand, stable@vger.kernel.org
Subject: [PATCH v1 1/5] KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
Date: Thu, 2 Apr 2020 20:48:15 +0200
Message-Id: <20200402184819.34215-2-david@redhat.com>
In-Reply-To: <20200402184819.34215-1-david@redhat.com>
References: <20200402184819.34215-1-david@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

In case we have a region 1 ASCE, our shadow/g3 address can have any value.
Unfortunately, (-1UL << 64) is undefined and triggers sometimes,
rejecting valid shadow addresses when trying to walk our shadow table
hierarchy.

The result is that the prefix cannot get mapped and will loop basically
forever trying to map it (-EAGAIN loop).

After all, the broken check is only a sanity check, our table shadowing
code in kvm_s390_shadow_tables() already checks these conditions, injecting
proper translation exceptions. Turn it into a WARN_ON_ONCE().

Fixes: 4be130a08420 ("s390/mm: add shadow gmap support")
Cc: # v4.8+
Reported-by: Janosch Frank
Signed-off-by: David Hildenbrand
--- arch/s390/mm/gmap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c index 2fbece47ef6f..f3dbc5bdde50 100644 --- a/arch/s390/mm/gmap.c +++ b/arch/s390/mm/gmap.c 
@@ -787,14 +787,18 @@ static void gmap_call_notifier(struct gmap *gmap, u= nsigned long start, static inline unsigned long *gmap_table_walk(struct gmap *gmap, unsigned long gaddr, int level) { + const int asce_type =3D gmap->asce & _ASCE_TYPE_MASK; unsigned long *table; =20 if ((gmap->asce & _ASCE_TYPE_MASK) + 4 < (level * 4)) return NULL; if (gmap_is_shadow(gmap) && gmap->removed) return NULL; - if (gaddr & (-1UL << (31 + ((gmap->asce & _ASCE_TYPE_MASK) >> 2)*11))) + + if (WARN_ON_ONCE(asce_type !=3D _ASCE_TYPE_REGION1) && + gaddr & (-1UL << (31 + (asce_type >> 2) * 11))) return NULL; + table =3D gmap->table; switch (gmap->asce & _ASCE_TYPE_MASK) { case _ASCE_TYPE_REGION1: --=20 2.25.1
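
Review bot: In the new condition in gmap_table_walk(), WARN_ON_ONCE() wraps only `asce_type != _ASCE_TYPE_REGION1`, so the warning fires the first time any non-region-1 ASCE is walked, whether or not gaddr is actually out of range. That does not match the commit message, which turns the address sanity check itself into the warning. Suggest moving the whole conjunction inside the macro, e.g. `if (WARN_ON_ONCE(asce_type != _ASCE_TYPE_REGION1 && (gaddr & (-1UL << (31 + (asce_type >> 2) * 11)))))`, followed by `return NULL;`. The short-circuit on the type comparison still keeps the shift from being evaluated for region 1, which is what avoids the undefined (-1UL << 64). The explicit parentheses around the `gaddr & ...` term are not required by precedence but make the intent obvious. As a smaller point, the first check and the switch still recompute `gmap->asce & _ASCE_TYPE_MASK`; they could use the new asce_type so the function has one source for the type.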