Merge tag 'kvm-s390-kernel-access' from emailed bundle

Pull s390 kvm fix from Christian Borntraeger: "Add missing check for the MEMOP ioctl The SIDA MEMOPs must only be used for secure guests, otherwise userspace can do unwanted memory accesses" * tag 'kvm-s390-kernel-access' from emailed bundle: KVM: s390: Return error on SIDA memop on normal guest
2025-07-23 20:51:03 +02:00 · 2022-02-09 09:14:22 -08:00
parent e6251ab455 2c212e1bae
commit 09a93c1df3
1 changed files with 2 additions and 0 deletions
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -4667,6 +4667,8 @@ static long kvm_s390_guest_sida_op(struct kvm_vcpu *vcpu,
 		return -EINVAL;
 	if (mop->size + mop->sida_offset > sida_size(vcpu->arch.sie_block))
 		return -E2BIG;
+	if (!kvm_s390_pv_cpu_is_protected(vcpu))
+		return -EINVAL;

 	switch (mop->op) {
 	case KVM_S390_MEMOP_SIDA_READ: