[RFC,27/37] KVM: s390: protvirt: SIGP handling

Message ID	20191024114059.102802-28-frankja@linux.ibm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=LVJf=YR=vger.kernel.org=kvm-owner@kernel.org> Gateway: Authorized Use Only! Violators will be prosecuted for <kvm@vger.kernel.org> from <frankja@linux.ibm.com>; Thu, 24 Oct 2019 12:42:34 +0100 Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 24 Oct 2019 12:42:32 +0100 From: Janosch Frank <frankja@linux.ibm.com> To: kvm@vger.kernel.org Cc: linux-s390@vger.kernel.org, thuth@redhat.com, david@redhat.com, borntraeger@de.ibm.com, imbrenda@linux.ibm.com, mihajlov@linux.ibm.com, mimu@linux.ibm.com, cohuck@redhat.com, gor@linux.ibm.com, frankja@linux.ibm.com Subject: [RFC 27/37] KVM: s390: protvirt: SIGP handling Date: Thu, 24 Oct 2019 07:40:49 -0400 In-Reply-To: <20191024114059.102802-1-frankja@linux.ibm.com> References: <20191024114059.102802-1-frankja@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20191024114059.102802-28-frankja@linux.ibm.com> Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	KVM: s390: Add support for protected VMs \| expand [RFC,00/37] KVM: s390: Add support for protected VMs [RFC,01/37] DOCUMENTATION: protvirt: Protected virtual machine introduction [RFC,02/37] s390/protvirt: introduce host side setup [RFC,03/37] s390/protvirt: add ultravisor initialization [RFC,04/37] KVM: s390: protvirt: Add initial lifecycle handling [RFC,05/37] s390: KVM: Export PV handle to gmap [RFC,06/37] s390: UV: Add import and export to UV library [RFC,07/37] KVM: s390: protvirt: Secure memory is not mergeable [RFC,08/37] KVM: s390: add missing include in gmap.h [RFC,09/37] KVM: s390: protvirt: Implement on-demand pinning [RFC,10/37] s390: add (non)secure page access exceptions handlers [RFC,11/37] DOCUMENTATION: protvirt: Interrupt injection [RFC,12/37] KVM: s390: protvirt: Handle SE notification interceptions [RFC,13/37] KVM: s390: protvirt: Add interruption injection controls [RFC,14/37] KVM: s390: protvirt: Implement interruption injection [RFC,15/37] KVM: s390: protvirt: Add machine-check interruption injection controls [RFC,16/37] KVM: s390: protvirt: Implement machine-check interruption injection [RFC,17/37] DOCUMENTATION: protvirt: Instruction emulation [RFC,18/37] KVM: s390: protvirt: Handle spec exception loops [RFC,19/37] KVM: s390: protvirt: Add new gprs location handling [RFC,20/37] KVM: S390: protvirt: Introduce instruction data area bounce buffer [RFC,21/37] KVM: S390: protvirt: Instruction emulation [RFC,22/37] KVM: s390: protvirt: Add SCLP handling [RFC,23/37] KVM: s390: protvirt: Make sure prefix is always protected [RFC,24/37] KVM: s390: protvirt: Write sthyi data to instruction data area [RFC,25/37] KVM: s390: protvirt: STSI handling [RFC,26/37] KVM: s390: protvirt: Only sync fmt4 registers [RFC,27/37] KVM: s390: protvirt: SIGP handling [RFC,28/37] KVM: s390: protvirt: Add program exception injection [RFC,29/37] KVM: s390: protvirt: Sync pv state [RFC,30/37] DOCUMENTATION: protvirt: Diag 308 IPL [RFC,31/37] KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling [RFC,32/37] KVM: s390: protvirt: UV calls diag308 0, 1 [RFC,33/37] KVM: s390: Introduce VCPU reset IOCTL [RFC,34/37] KVM: s390: protvirt: Report CPU state to Ultravisor [RFC,35/37] KVM: s390: Fix cpu reset local IRQ clearing [RFC,36/37] KVM: s390: protvirt: Support cmd 5 operation state [RFC,37/37] KVM: s390: protvirt: Add UV debug trace

Message ID

20191024114059.102802-28-frankja@linux.ibm.com (mailing list archive)

State

New, archived

Headers

From: Janosch Frank <frankja@linux.ibm.com>
To: kvm@vger.kernel.org
Cc: linux-s390@vger.kernel.org, thuth@redhat.com, david@redhat.com,
        borntraeger@de.ibm.com, imbrenda@linux.ibm.com,
        mihajlov@linux.ibm.com, mimu@linux.ibm.com, cohuck@redhat.com,
        gor@linux.ibm.com, frankja@linux.ibm.com
Subject: [RFC 27/37] KVM: s390: protvirt: SIGP handling
Date: Thu, 24 Oct 2019 07:40:49 -0400
In-Reply-To: <20191024114059.102802-1-frankja@linux.ibm.com>
References: <20191024114059.102802-1-frankja@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20191024114059.102802-28-frankja@linux.ibm.com>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

KVM: s390: Add support for protected VMs | expand

Comments

David Hildenbrand Oct. 30, 2019, 6:29 p.m. UTC | #1

On 24.10.19 13:40, Janosch Frank wrote:
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>

Can you add why this is necessary and how handle_stop() is intended to 
work in prot mode?

How is SIGP handled in general in prot mode? (which intercepts are 
handled by QEMU)
Would it be valid for user space to inject a STOP interrupt with "flags 
& KVM_S390_STOP_FLAG_STORE_STATUS" - I think not (legacy QEMU only)

I think we should rather disallow injecting such stop interrupts 
(KVM_S390_STOP_FLAG_STORE_STATUS) in prot mode in the first place. Also, 
we should disallow prot virt without user_sigp.

> ---
>   arch/s390/kvm/intercept.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
> index 37cb62bc261b..a89738e4f761 100644
> --- a/arch/s390/kvm/intercept.c
> +++ b/arch/s390/kvm/intercept.c
> @@ -72,7 +72,8 @@ static int handle_stop(struct kvm_vcpu *vcpu)
>   	if (!stop_pending)
>   		return 0;
>   
> -	if (flags & KVM_S390_STOP_FLAG_STORE_STATUS) {
> +	if (flags & KVM_S390_STOP_FLAG_STORE_STATUS &&
> +	    !kvm_s390_pv_is_protected(vcpu->kvm)) {
>   		rc = kvm_s390_vcpu_store_status(vcpu,
>   						KVM_S390_STORE_STATUS_NOADDR);
>   		if (rc)
>

Thomas Huth Nov. 15, 2019, 11:15 a.m. UTC | #2

On 24/10/2019 13.40, Janosch Frank wrote:
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> ---
>  arch/s390/kvm/intercept.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
> index 37cb62bc261b..a89738e4f761 100644
> --- a/arch/s390/kvm/intercept.c
> +++ b/arch/s390/kvm/intercept.c
> @@ -72,7 +72,8 @@ static int handle_stop(struct kvm_vcpu *vcpu)
>  	if (!stop_pending)
>  		return 0;
>  
> -	if (flags & KVM_S390_STOP_FLAG_STORE_STATUS) {
> +	if (flags & KVM_S390_STOP_FLAG_STORE_STATUS &&
> +	    !kvm_s390_pv_is_protected(vcpu->kvm)) {
>  		rc = kvm_s390_vcpu_store_status(vcpu,
>  						KVM_S390_STORE_STATUS_NOADDR);
>  		if (rc)

Can this still happen at all that we get here with
KVM_S390_STOP_FLAG_STORE_STATUS in the protected case? I'd rather expect
that SIGP is completely handled by the UV already, so userspace should
have no need to inject a SIGP_STOP anymore? Or did I get that wrong?

Anyway, I guess it can not hurt to add this check anyway, so:

Reviewed-by: Thomas Huth <thuth@redhat.com>

diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index 37cb62bc261b..a89738e4f761 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -72,7 +72,8 @@  static int handle_stop(struct kvm_vcpu *vcpu)
 	if (!stop_pending)
 		return 0;
 
-	if (flags & KVM_S390_STOP_FLAG_STORE_STATUS) {
+	if (flags & KVM_S390_STOP_FLAG_STORE_STATUS &&
+	    !kvm_s390_pv_is_protected(vcpu->kvm)) {
 		rc = kvm_s390_vcpu_store_status(vcpu,
 						KVM_S390_STORE_STATUS_NOADDR);
 		if (rc)

[RFC,27/37] KVM: s390: protvirt: SIGP handling

Commit Message

Comments

Patch