linux/arch/s390
Claudio Imbrenda cff59d8631 s390/uv: Panic for set and remove shared access UVC errors
The return value uv_set_shared() and uv_remove_shared() (which are
wrappers around the share() function) is not always checked. The system
integrity of a protected guest depends on the Share and Unshare UVCs
being successful. This means that any caller that fails to check the
return value will compromise the security of the protected guest.

No code path that would lead to such violation of the security
guarantees is currently exercised, since all the areas that are shared
never get unshared during the lifetime of the system. This might
change and become an issue in the future.

The Share and Unshare UVCs can only fail in case of hypervisor
misbehaviour (either a bug or malicious behaviour). In such cases there
is no reasonable way forward, and the system needs to panic.

This patch replaces the return at the end of the share() function with
a panic, to guarantee system integrity.

Fixes: 5abb9351df ("s390/uv: introduce guest side ultravisor code")
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Reviewed-by: Steffen Eiden <seiden@linux.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Link: https://lore.kernel.org/r/20240801112548.85303-1-imbrenda@linux.ibm.com
Message-ID: <20240801112548.85303-1-imbrenda@linux.ibm.com>
[frankja@linux.ibm.com: Fixed up patch subject]
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
2024-08-07 11:04:43 +00:00
..
appldata sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
boot more s390 updates for 6.11 merge window 2024-07-26 10:47:53 -07:00
configs s390: Remove protvirt and kvm config guards for uv code 2024-07-23 16:02:33 +02:00
crypto s390/crc32: Add missing MODULE_DESCRIPTION() macro 2024-06-28 14:52:30 +02:00
hypfs s390/hypfs_diag: Diag204 busy loop 2024-07-10 19:50:45 +02:00
include s390/uv: Panic for set and remove shared access UVC errors 2024-08-07 11:04:43 +00:00
kernel s390/vmlinux.lds.S: Move ro_after_init section behind rodata section 2024-07-31 16:30:20 +02:00
kvm KVM: s390: fix validity interception issue when gisa is switched off 2024-08-06 06:33:18 +00:00
lib s390/alternatives: Rework to allow for callbacks 2024-07-23 16:02:31 +02:00
mm s390: Keep inittext section writable 2024-07-31 16:30:20 +02:00
net s390/bpf: Implement exceptions 2024-07-08 16:39:35 +02:00
pci s390/pci: Allow allocation of more than 1 MSI interrupt 2024-07-23 15:54:58 +02:00
purgatory Makefile: remove redundant tool coverage variables 2024-05-14 23:35:48 +09:00
tools s390/boot: Rework deployment of the kernel image 2024-04-17 13:38:02 +02:00
Kbuild
Kconfig s390: Remove protvirt and kvm config guards for uv code 2024-07-23 16:02:33 +02:00
Kconfig.debug
Makefile s390: use a larger stack for KMSAN 2024-07-03 19:30:24 -07:00