KVM: s390: add proper locking for CMMA migration bitmap

Some parts of the cmma migration bitmap are already protected
with the kvm->lock (e.g. the migration start). On the other
hand the read of the cmma bits is not protected against a
concurrent free, neither is the emulation of the ESSA instruction.
Let's extend the locking to all related ioctls by using
the slots lock for
- kvm_s390_vm_start_migration
- kvm_s390_vm_stop_migration
- kvm_s390_set_cmma_bits
- kvm_s390_get_cmma_bits

In addition to that, we use synchronize_srcu before freeing
the migration structure as all users hold kvm->srcu for read.
(e.g. the ESSA handler).

Reported-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: stable@vger.kernel.org # 4.13+
Fixes: 190df4a212a7 (KVM: s390: CMMA tracking, ESSA emulation, migration mode)
Reviewed-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>

+11 -7
+11 -7
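--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -766,7 +766,7 @@
 
 /*
  * Must be called with kvm->srcu held to avoid races on memslots, and with
- * kvm->lock to avoid races with ourselves and kvm_s390_vm_stop_migration.
+ * kvm->slots_lock to avoid races with ourselves and kvm_s390_vm_stop_migration.
  */
 static int kvm_s390_vm_start_migration(struct kvm *kvm)
 {
@@ -822,7 +822,7 @@
 }
 
 /*
- * Must be called with kvm->lock to avoid races with ourselves and
+ * Must be called with kvm->slots_lock to avoid races with ourselves and
  * kvm_s390_vm_start_migration.
  */
 static int kvm_s390_vm_stop_migration(struct kvm *kvm)
@@ -837,6 +837,8 @@
 
 	if (kvm->arch.use_cmma) {
 		kvm_s390_sync_request_broadcast(kvm, KVM_REQ_STOP_MIGRATION);
+		/* We have to wait for the essa emulation to finish */
+		synchronize_srcu(&kvm->srcu);
 		vfree(mgs->pgste_bitmap);
 	}
 	kfree(mgs);
@@ -846,14 +848,12 @@
 static int kvm_s390_vm_set_migration(struct kvm *kvm,
 				     struct kvm_device_attr *attr)
 {
-	int idx, res = -ENXIO;
+	int res = -ENXIO;
 
-	mutex_lock(&kvm->lock);
+	mutex_lock(&kvm->slots_lock);
 	switch (attr->attr) {
 	case KVM_S390_VM_MIGRATION_START:
-		idx = srcu_read_lock(&kvm->srcu);
 		res = kvm_s390_vm_start_migration(kvm);
-		srcu_read_unlock(&kvm->srcu, idx);
 		break;
 	case KVM_S390_VM_MIGRATION_STOP:
 		res = kvm_s390_vm_stop_migration(kvm);
@@ -861,7 +861,7 @@
 	default:
 		break;
 	}
-	mutex_unlock(&kvm->lock);
+	mutex_unlock(&kvm->slots_lock);
 
 	return res;
 }
@@ -1751,7 +1751,9 @@
 		r = -EFAULT;
 		if (copy_from_user(&args, argp, sizeof(args)))
 			break;
+		mutex_lock(&kvm->slots_lock);
 		r = kvm_s390_get_cmma_bits(kvm, &args);
+		mutex_unlock(&kvm->slots_lock);
 		if (!r) {
 			r = copy_to_user(argp, &args, sizeof(args));
 			if (r)
@@ -1765,7 +1767,9 @@
 		r = -EFAULT;
 		if (copy_from_user(&args, argp, sizeof(args)))
 			break;
+		mutex_lock(&kvm->slots_lock);
 		r = kvm_s390_set_cmma_bits(kvm, &args);
+		mutex_unlock(&kvm->slots_lock);
 		break;
 	}
 	default: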
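Review bot: The comment kept at line 768 still states that kvm_s390_vm_start_migration must be called with kvm->srcu held to avoid races on memslots, yet the kvm_s390_vm_set_migration hunk drops the srcu_read_lock/srcu_read_unlock pair around that very call, so the only caller visible here no longer meets the documented precondition. If the intent is that kvm->slots_lock, which serializes memslot updates, now makes the memslot walk safe, the comment should say so, e.g. ` * Must be called with kvm->slots_lock held to avoid races on memslots and` / ` * with ourselves and kvm_s390_vm_stop_migration.`; otherwise the srcu read lock should stay. The body of kvm_s390_vm_start_migration, where the memslots are walked, lies outside the hunk, so whether it relies on srcu for anything else cannot be checked from here. A lesser point for the kvm_s390_vm_stop_migration hunk: synchronize_srcu() now runs while kvm->slots_lock is held, which is deadlock-free only if no SRCU reader (such as the ESSA handler the new comment names) ever blocks on slots_lock, and a one-line comment stating that lock ordering would make the assumption explicit.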