Commit 0ba8141f authored by Martin Schwidefsky's avatar Martin Schwidefsky

Merge tag 'vfio-ccw-20190311' of...

Merge tag 'vfio-ccw-20190311' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into fixes

Pull vfio-ccw from Cornelia Huck with the following changes:

 - Fix a host crash triggerable by the guest via a channel program.
parents 152e9b86 50b7f1b7
...@@ -72,12 +72,16 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work) ...@@ -72,12 +72,16 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work)
{ {
struct vfio_ccw_private *private; struct vfio_ccw_private *private;
struct irb *irb; struct irb *irb;
bool is_final;
private = container_of(work, struct vfio_ccw_private, io_work); private = container_of(work, struct vfio_ccw_private, io_work);
irb = &private->irb; irb = &private->irb;
is_final = !(scsw_actl(&irb->scsw) &
(SCSW_ACTL_DEVACT | SCSW_ACTL_SCHACT));
if (scsw_is_solicited(&irb->scsw)) { if (scsw_is_solicited(&irb->scsw)) {
cp_update_scsw(&private->cp, &irb->scsw); cp_update_scsw(&private->cp, &irb->scsw);
if (is_final)
cp_free(&private->cp); cp_free(&private->cp);
} }
memcpy(private->io_region->irb_area, irb, sizeof(*irb)); memcpy(private->io_region->irb_area, irb, sizeof(*irb));
...@@ -85,7 +89,7 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work) ...@@ -85,7 +89,7 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work)
if (private->io_trigger) if (private->io_trigger)
eventfd_signal(private->io_trigger, 1); eventfd_signal(private->io_trigger, 1);
if (private->mdev) if (private->mdev && is_final)
private->state = VFIO_CCW_STATE_IDLE; private->state = VFIO_CCW_STATE_IDLE;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment