• Eric Farman's avatar
    s390/cio: Allow zero-length CCWs in vfio-ccw · 453eac31
    Eric Farman authored
    It is possible that a guest might issue a CCW with a length of zero,
    and will expect a particular response.  Consider this chain:
    
       Address   Format-1 CCW
       --------  -----------------
     0 33110EC0  346022CC 33177468
     1 33110EC8  CF200000 3318300C
    
    CCW[0] moves a little more than two pages, but also has the
    Suppress Length Indication (SLI) bit set to handle the expectation
    that considerably less data will be moved.  CCW[1] also has the SLI
    bit set, and has a length of zero.  Once vfio-ccw does its magic,
    the kernel issues a start subchannel on behalf of the guest with this:
    
       Address   Format-1 CCW
       --------  -----------------
     0 021EDED0  346422CC 021F0000
     1 021EDED8  CF240000 3318300C
    
    Both CCWs were converted to an IDAL and have the corresponding flags
    set (which is by design), but only the address of the first data
    address is converted to something the host is aware of.  The second
    CCW still has the address used by the guest, which happens to be (A)
    (probably) an invalid address for the host, and (B) an invalid IDAW
    address (doubleword boundary, etc.).
    
    While the I/O fails, it doesn't fail correctly.  In this example, we
    would receive a program check for an invalid IDAW address, instead of
    a unit check for an invalid command.
    
    To fix this, revert commit 4cebc5d6 ("vfio: ccw: validate the
    count field of a ccw before pinning") and allow the individual fetch
    routines to process them like anything else.  We'll make a slight
    adjustment to our allocation of the pfn_array (for direct CCWs) or
    IDAL (for IDAL CCWs) memory, so that we have room for at least one
    address even though no guest memory will be pinned and thus the
    IDAW will not be populated with a host address.
    Signed-off-by: default avatarEric Farman <farman@linux.ibm.com>
    Message-Id: <20190516161403.79053-3-farman@linux.ibm.com>
    Acked-by: default avatarFarhan Ali <alifm@linux.ibm.com>
    Signed-off-by: default avatarCornelia Huck <cohuck@redhat.com>
    453eac31
vfio_ccw_cp.c 23.7 KB