From: Vasily Gorbik <gor@linux.ibm.com>
Date: Mon, 1 Apr 2019 19:11:08 +0200
Subject: s390/protvirt: block kernel command line alteration
Git-commit: 093ddccb55157f909f203f9e50bce0c24431e791
Patch-mainline: v5.2-rc1
References: jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151
Disallow kernel command line alteration via ipl parameter block if
running in protected virtualization environment.
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Acked-by: Petr Tesarik <ptesarik@suse.com>
[ ptesarik: Added SLE modifications by IBM's Vasily Gorbik, because
SLE15-SP1 does not contain these upstream commits:
49698745e53c417370ac5cfe8b849bb65d62f129 ]
---
arch/s390/kernel/early.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/s390/kernel/early.c
+++ b/arch/s390/kernel/early.c
@@ -542,6 +542,9 @@ static void __init setup_boot_command_li
strlcpy(boot_command_line, strstrip(COMMAND_LINE),
ARCH_COMMAND_LINE_SIZE);
+ if (is_prot_virt_guest())
+ return;
+
/* append IPL PARM data to the boot command line */
if (MACHINE_IS_VM)
append_to_cmdline(append_ipl_vmparm);