Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp1871286lql;
        Wed, 13 Mar 2024 10:19:30 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCX+21AICD1Hzb9nn0UoTTT4p9iD9utK0vk0xFhkXw3eUsP4nvQkKV0EMGZNLmASf7LRkYMTTuf2YP5isHcE0zUnzzBJG7H8csAu8tTQ/Q==
X-Google-Smtp-Source: AGHT+IFysGTm3K6Fz2x0LEikeePrMYQ7N3B3ufsIfB6yty21kwcqO3VHJ0LYoWR+PzIggxRWkbsa
X-Received: by 2002:a05:6a20:12c4:b0:1a1:4cd3:9d84 with SMTP id v4-20020a056a2012c400b001a14cd39d84mr15842844pzg.34.1710350370664;
        Wed, 13 Mar 2024 10:19:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1710350370; cv=pass;
        d=google.com; s=arc-20160816;
        b=jtf3THTWYRyfjqT83GzTgFo50TrXqO/rtjQmWrNsf3lnbcTEEc9RPSqAH1LRVPE0PP
         RJs6PYOvoWIbfj75tJAlKcrdstGO/ZCJrICQ7m1v3mJapdbeM08cix3TQrCRp2OiZVke
         Zy6NXK/KmIcR3KxZuBXt03Z7kfk8T5vx/+r7Ywnn/NLdN418kOXzx66ay+/T+3Ctmlll
         zTlwQ5hWLgc4NVqk4tXosnOEwKXTZTrNwTd167E4Ip1niGaVwykzWLS8A65NTmHtcHm8
         jjqlazzlvCpXXTn4X9A52OTF6BGkOOWS+yCrAU07DbNIgy0a/WET+eZblMBg6sG2vbU0
         xtEA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=Iz/pWCGeG1NOZjWpIRKa//I1IfHjQhpLulfBvPwKmm4=;
        fh=8q+v1FDavhX5KT0DbGK12gOZ2mkUZhoeOPHqXtJAKvE=;
        b=0JqYFhxSOgO50Dd0ILm7m0nOiqu+j19yVArAkSQ26E1tOfWzeDM76/zxBRzxroLCr3
         Z/xyG0+TEI7cjZs92sTAMUWcl2ZuTqF+tqaNpy1hbWL8ZJlsB8K5KUzpzwA9rYDOD5/D
         2Mpsz+KtX8TgjArYX6gnp1JpM03Knu+KZhT7hna+q3obPzxsJ3D3oE3UkEBN6CiA5CDD
         PGlNMfiQuMNuI3QB2uohptsW64DgZsZbWJG+XSLkSYIOepd02ZHjDIzwCkEXyXYYsFWg
         U48ax9Fu8AxPMaYN257iDaOHP1nr+MbRCr5PdFkGF3Ms29aFoDHFCxOENeHyBTgmd0oz
         Zhog==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hHQ5tJ22;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-101900-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101900-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-101900-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id f34-20020a635562000000b005d8e3490d49si9160432pgm.407.2024.03.13.10.19.30
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 13 Mar 2024 10:19:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-101900-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hHQ5tJ22;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-101900-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101900-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 26547289BF0
	for <linux.lists.archive@gmail.com>; Wed, 13 Mar 2024 17:11:28 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id AF06E80BFA;
	Wed, 13 Mar 2024 16:40:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hHQ5tJ22"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7D3F80BE0;
	Wed, 13 Mar 2024 16:40:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710348036; cv=none; b=j73ZWnDZz//zivI5KD6TZWatt8qQ8oiR4AfdneiztRzdXL5hjm4lqTqe347HBokxhCt9UBMjmz7RMeoAGBaYrjoWDqN3B2+cICH9LKLjvlFTvyeL6ZWqLZXDDD8EpPC/8bT44faXlArE1OKCmx33iOA5z/v2ijXi2KIMNXMQXqU=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710348036; c=relaxed/simple;
	bh=nQ33qfdvdiwhdYJ+Ory7oxUn3Vho3qftB9HgNXx1csY=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=u0/SZKQnLhzSA8id6wYys1z0QxDFsnePQbj6dD93TvZ5h49zF0l9pg5os+PbO2WkYeYxB8+OHWGagqB2TsAnKuWe01b4Ch/vCj6p5+64kNYbtph4rhxc1fVm+XDoMNqIrP+xAX/CrCqC0h3kM6LKXh99jq+nW1CQ26hYxuTlj04=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hHQ5tJ22; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB4B2C433C7;
	Wed, 13 Mar 2024 16:40:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1710348036;
	bh=nQ33qfdvdiwhdYJ+Ory7oxUn3Vho3qftB9HgNXx1csY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=hHQ5tJ22Ji+9jXwX0EhodPBB2yOZZoyQitsvMNoVygR/2XkWnxxFb4q/VrOw22or0
	 Ybpy1igLACLTxBKdDThghcvID09j5KIbLX0G8mqyy7yRLfXoLc5gD71IOpIc6HrPAY
	 K+MTN+TVUr9ddVZyaXqRtsnAL9H+k3gQINTpv+CWJdwhAl/WipAYh8OuF+4Gg/lKgy
	 AFiXeVPiWXwoyMMV5uHhqQOoSQ6V6ckYW8wkrwvHyRh/GeeZGCuzoR0dFTSORF91X/
	 bBoBG0B5KGXlbpzEhNVyINd8JIKOpVmeEJiZrZR8XHm2nzbJ3vtCsY8NTNiuZwWGDM
	 8q60A5GJVIGtg==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Christian Borntraeger <borntraeger@linux.ibm.com>,
	Marc Hartmayer <mhartmay@linux.ibm.com>,
	David Hildenbrand <david@redhat.com>,
	Janosch Frank <frankja@linux.ibm.com>,
	Claudio Imbrenda <imbrenda@linux.ibm.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 32/71] KVM: s390: vsie: fix race during shadow creation
Date: Wed, 13 Mar 2024 12:39:18 -0400
Message-ID: <20240313163957.615276-33-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240313163957.615276-1-sashal@kernel.org>
References: <20240313163957.615276-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.82-rc1.gz
X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
X-KernelTest-Branch: linux-6.1.y
X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git
X-KernelTest-Version: 6.1.82-rc1
X-KernelTest-Deadline: 2024-03-15T16:39+00:00
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Christian Borntraeger <borntraeger@linux.ibm.com>

[ Upstream commit fe752331d4b361d43cfd0b89534b4b2176057c32 ]

Right now it is possible to see gmap->private being zero in
kvm_s390_vsie_gmap_notifier resulting in a crash.  This is due to the
fact that we add gmap->private == kvm after creation:

static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
                               struct vsie_page *vsie_page)
{
[...]
        gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
        if (IS_ERR(gmap))
                return PTR_ERR(gmap);
        gmap->private = vcpu->kvm;

Let children inherit the private field of the parent.

Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Fixes: a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested virtualization")
Cc: <stable@vger.kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Link: https://lore.kernel.org/r/20231220125317.4258-1-borntraeger@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/kvm/vsie.c | 1 -
 arch/s390/mm/gmap.c  | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index b2dbf08a961e5..d90c818a9ae71 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -1216,7 +1216,6 @@ static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
 	gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
 	if (IS_ERR(gmap))
 		return PTR_ERR(gmap);
-	gmap->private = vcpu->kvm;
 	vcpu->kvm->stat.gmap_shadow_create++;
 	WRITE_ONCE(vsie_page->gmap, gmap);
 	return 0;
diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c
index 243f673fa6515..662cf23a1b44b 100644
--- a/arch/s390/mm/gmap.c
+++ b/arch/s390/mm/gmap.c
@@ -1675,6 +1675,7 @@ struct gmap *gmap_shadow(struct gmap *parent, unsigned long asce,
 		return ERR_PTR(-ENOMEM);
 	new->mm = parent->mm;
 	new->parent = gmap_get(parent);
+	new->private = parent->private;
 	new->orig_asce = asce;
 	new->edat_level = edat_level;
 	new->initialized = false;
-- 
2.43.0