[GIT,PULL,23/36] KVM: s390: protvirt: disallow one_reg

Message ID	20200309085126.3334302-24-borntraeger@de.ibm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=BDOO=42=vger.kernel.org=kvm-owner@kernel.org> Gateway: Authorized Use Only! Violators will be prosecuted for <kvm@vger.kernel.org> from <borntraeger@de.ibm.com>; Mon, 9 Mar 2020 08:51:40 -0000 Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 9 Mar 2020 08:51:37 -0000 From: Christian Borntraeger <borntraeger@de.ibm.com> To: Paolo Bonzini <pbonzini@redhat.com> Cc: KVM <kvm@vger.kernel.org>, Janosch Frank <frankja@linux.vnet.ibm.com>, David Hildenbrand <david@redhat.com>, Claudio Imbrenda <imbrenda@linux.ibm.com>, Cornelia Huck <cohuck@redhat.com>, Michael Mueller <mimu@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Ulrich Weigand <uweigand@de.ibm.com>, linux-s390 <linux-s390@vger.kernel.org>, Heiko Carstens <heiko.carstens@de.ibm.com> Subject: [GIT PULL 23/36] KVM: s390: protvirt: disallow one_reg Date: Mon, 9 Mar 2020 09:51:13 +0100 In-Reply-To: <20200309085126.3334302-1-borntraeger@de.ibm.com> References: <20200309085126.3334302-1-borntraeger@de.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <20200309085126.3334302-24-borntraeger@de.ibm.com> Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	[GIT,PULL,01/36] s390/protvirt: introduce host side setup \| expand [GIT,PULL,01/36] s390/protvirt: introduce host side setup [GIT,PULL,02/36] s390/protvirt: add ultravisor initialization [GIT,PULL,03/36] s390/mm: provide memory management functions for protected KVM guests [GIT,PULL,04/36] s390/mm: add (non)secure page access exceptions handlers [GIT,PULL,05/36] s390/protvirt: Add sysfs firmware interface for Ultravisor information [GIT,PULL,06/36] KVM: s390/interrupt: do not pin adapter interrupt pages [GIT,PULL,07/36] KVM: s390: protvirt: Add UV debug trace [GIT,PULL,08/36] KVM: s390: add new variants of UV CALL [GIT,PULL,09/36] KVM: s390: protvirt: Add initial vm and cpu lifecycle handling [GIT,PULL,10/36] KVM: s390: protvirt: Secure memory is not mergeable [GIT,PULL,11/36] KVM: s390/mm: Make pages accessible before destroying the guest [GIT,PULL,12/36] KVM: s390: protvirt: Handle SE notification interceptions [GIT,PULL,13/36] KVM: s390: protvirt: Instruction emulation [GIT,PULL,14/36] KVM: s390: protvirt: Implement interrupt injection [GIT,PULL,15/36] KVM: s390: protvirt: Add SCLP interrupt handling [GIT,PULL,16/36] KVM: s390: protvirt: Handle spec exception loops [GIT,PULL,17/36] KVM: s390: protvirt: Add new gprs location handling [GIT,PULL,18/36] KVM: S390: protvirt: Introduce instruction data area bounce buffer [GIT,PULL,19/36] KVM: s390: protvirt: handle secure guest prefix pages [GIT,PULL,20/36] KVM: s390/mm: handle guest unpin events [GIT,PULL,21/36] KVM: s390: protvirt: Write sthyi data to instruction data area [GIT,PULL,22/36] KVM: s390: protvirt: STSI handling [GIT,PULL,23/36] KVM: s390: protvirt: disallow one_reg [GIT,PULL,24/36] KVM: s390: protvirt: Do only reset registers that are accessible [GIT,PULL,25/36] KVM: s390: protvirt: Only sync fmt4 registers [GIT,PULL,26/36] KVM: s390: protvirt: Add program exception injection [GIT,PULL,27/36] KVM: s390: protvirt: UV calls in support of diag308 0, 1 [GIT,PULL,28/36] KVM: s390: protvirt: Report CPU state to Ultravisor [GIT,PULL,29/36] KVM: s390: protvirt: Support cmd 5 operation state [GIT,PULL,30/36] KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and 112 [GIT,PULL,31/36] KVM: s390: protvirt: do not inject interrupts after start [GIT,PULL,32/36] KVM: s390: protvirt: Add UV cpu reset calls [GIT,PULL,33/36] DOCUMENTATION: Protected virtual machine introduction and IPL [GIT,PULL,34/36] KVM: s390: protvirt: introduce and enable KVM_CAP_S390_PROTECTED [GIT,PULL,35/36] KVM: s390: protvirt: Add KVM api documentation [GIT,PULL,36/36] KVM: s390: introduce module parameter kvm.use_gisa

Message ID

20200309085126.3334302-24-borntraeger@de.ibm.com (mailing list archive)

State

New, archived

Headers

From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: KVM <kvm@vger.kernel.org>,
        Janosch Frank <frankja@linux.vnet.ibm.com>,
        David Hildenbrand <david@redhat.com>,
        Claudio Imbrenda <imbrenda@linux.ibm.com>,
        Cornelia Huck <cohuck@redhat.com>,
        Michael Mueller <mimu@linux.ibm.com>,
        Vasily Gorbik <gor@linux.ibm.com>,
        Ulrich Weigand <uweigand@de.ibm.com>,
        linux-s390 <linux-s390@vger.kernel.org>,
        Heiko Carstens <heiko.carstens@de.ibm.com>
Subject: [GIT PULL 23/36] KVM: s390: protvirt: disallow one_reg
Date: Mon,  9 Mar 2020 09:51:13 +0100
In-Reply-To: <20200309085126.3334302-1-borntraeger@de.ibm.com>
References: <20200309085126.3334302-1-borntraeger@de.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <20200309085126.3334302-24-borntraeger@de.ibm.com>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

[GIT,PULL,01/36] s390/protvirt: introduce host side setup | expand

Commit Message

Christian Borntraeger March 9, 2020, 8:51 a.m. UTC

From: Janosch Frank <frankja@linux.ibm.com>

A lot of the registers are controlled by the Ultravisor and never
visible to KVM. Some fields in the sie control block are overlayed, like
gbea. As no known userspace uses the ONE_REG interface on s390 if sync
regs are available, no functionality is lost if it is disabled for
protected guests.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
[borntraeger@de.ibm.com: patch merging, splitting, fixing]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 Documentation/virt/kvm/api.rst | 6 ++++--
 arch/s390/kvm/kvm-s390.c       | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 97a72a53fa4b..7505d7a6c0d8 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -2117,7 +2117,8 @@  Errors:
 
   ======   ============================================================
   ENOENT   no such register
-  EINVAL   invalid register ID, or no such register
+  EINVAL   invalid register ID, or no such register or used with VMs in
+           protected virtualization mode on s390
   EPERM    (arm64) register access not allowed before vcpu finalization
   ======   ============================================================
 
@@ -2552,7 +2553,8 @@  Errors include:
 
   ======== ============================================================
   ENOENT   no such register
-  EINVAL   invalid register ID, or no such register
+  EINVAL   invalid register ID, or no such register or used with VMs in
+           protected virtualization mode on s390
   EPERM    (arm64) register access not allowed before vcpu finalization
   ======== ============================================================
 
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index efbbcd2948a3..797b4031ed4d 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -4674,6 +4674,9 @@  long kvm_arch_vcpu_ioctl(struct file *filp,
 	case KVM_SET_ONE_REG:
 	case KVM_GET_ONE_REG: {
 		struct kvm_one_reg reg;
+		r = -EINVAL;
+		if (kvm_s390_pv_cpu_is_protected(vcpu))
+			break;
 		r = -EFAULT;
 		if (copy_from_user(&reg, argp, sizeof(reg)))
 			break;

[GIT,PULL,23/36] KVM: s390: protvirt: disallow one_reg

Commit Message

Patch