summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRadim Krčmář <rkrcmar@redhat.com>2018-01-06 17:26:37 +0100
committerRadim Krčmář <rkrcmar@redhat.com>2018-01-06 17:26:37 +0100
commitbb4945e60dd0b5afb0e92bc8006ce560948fbc39 (patch)
treef36c0f1d00219c376d8ce3ada92e32ba0ec97eb9
parent0cb5b30698fdc8f6b4646012e3acb4ddce430788 (diff)
parentc2cf265d860882b51a200e4a7553c17827f2b730 (diff)
downloadlwn-bb4945e60dd0b5afb0e92bc8006ce560948fbc39.tar.gz
lwn-bb4945e60dd0b5afb0e92bc8006ce560948fbc39.zip
Merge tag 'kvm-s390-master-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux
KVM: s390: fixes for cmma migration Two fixes for potential bitmap overruns in the cmma migration code.
-rw-r--r--arch/s390/kvm/kvm-s390.c9
-rw-r--r--arch/s390/kvm/priv.c2
2 files changed, 6 insertions, 5 deletions
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index ec8b68e97d3c..2c93cbbcd15e 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -792,11 +792,12 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm)
if (kvm->arch.use_cmma) {
/*
- * Get the last slot. They should be sorted by base_gfn, so the
- * last slot is also the one at the end of the address space.
- * We have verified above that at least one slot is present.
+ * Get the first slot. They are reverse sorted by base_gfn, so
+ * the first slot is also the one at the end of the address
+ * space. We have verified above that at least one slot is
+ * present.
*/
- ms = slots->memslots + slots->used_slots - 1;
+ ms = slots->memslots;
/* round up so we only use full longs */
ram_pages = roundup(ms->base_gfn + ms->npages, BITS_PER_LONG);
/* allocate enough bytes to store all the bits */
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 572496c688cc..0714bfa56da0 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -1006,7 +1006,7 @@ static inline int do_essa(struct kvm_vcpu *vcpu, const int orc)
cbrlo[entries] = gfn << PAGE_SHIFT;
}
- if (orc) {
+ if (orc && gfn < ms->bitmap_size) {
/* increment only if we are really flipping the bit to 1 */
if (!test_and_set_bit(gfn, ms->pgste_bitmap))
atomic64_inc(&ms->dirty_pages);