KVM: s390: Check for access exceptions during TPI
author Thomas Huth <thuth@linux.vnet.ibm.com>
Thu, 20 Jun 2013 15:22:03 +0000 (17:22 +0200)
committer Paolo Bonzini <pbonzini@redhat.com>
Thu, 20 Jun 2013 21:32:13 +0000 (23:32 +0200)
When a guest calls the TPI instruction, the second operand address could
point to an invalid location. In this case the problem should be signaled
to the guest by throwing an access exception.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/s390/kvm/priv.c

index 0b19e22269558f6751594a2ebb256378f1b729db..4b8fb6cc3c45d00f980173c5c8a5213d04ef8fdb 100644 (file)
@@ -146,9 +146,10 @@ static int handle_tpi(struct kvm_vcpu *vcpu)
                 * Store the two-word I/O interruption code into the
                 * provided area.
                 */
-               put_guest(vcpu, inti->io.subchannel_id, (u16 __user *) addr);
-               put_guest(vcpu, inti->io.subchannel_nr, (u16 __user *) (addr + 2));
-               put_guest(vcpu, inti->io.io_int_parm, (u32 __user *) (addr + 4));
+               if (put_guest(vcpu, inti->io.subchannel_id, (u16 __user *)addr)
+                   || put_guest(vcpu, inti->io.subchannel_nr, (u16 __user *)(addr + 2))
+                   || put_guest(vcpu, inti->io.io_int_parm, (u32 __user *)(addr + 4)))
+                       return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);
        } else {
                /*
                 * Store the three-word I/O interruption code into
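Review bot: The new early return in the two-word branch, `return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);`, leaves handle_tpi() while `inti` is still held, and the visible lines neither release it nor put it back on the pending list. If the function frees `inti` after the if/else, this path skips that and the I/O interrupt is lost to the guest, so route the failure through a common exit that frees or requeues `inti` before injecting the program interrupt. Two smaller points: when the first put_guest() succeeds and a later one fails, the guest area at `addr` is left partially written, which may be acceptable but should be noted in the comment; and the commit message speaks of access exceptions in general while the code always injects PGM_ADDRESSING, so say whether other exception types are meant to be covered. Please also confirm the three-word store in the else branch gets the same return-value check.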