| Message ID | 20200207113958.7320-25-borntraeger@de.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: s390: Add support for protected VMs | expand |
On Fri, 7 Feb 2020 06:39:47 -0500 Christian Borntraeger <borntraeger@de.ibm.com> wrote: > From: Janosch Frank <frankja@linux.ibm.com> > > A lot of the registers are controlled by the Ultravisor and never > visible to KVM. Some fields in the sie control block are overlayed, > like gbea. As no userspace uses the ONE_REG interface on s390 it is safe > to disable this for protected guests. Last round, I suggested "As no known userspace uses the ONE_REG interface on s390 if sync regs are available, no functionality is lost if it is disabled for protected guests." Any opinion on that? > > Signed-off-by: Janosch Frank <frankja@linux.ibm.com> > Reviewed-by: Thomas Huth <thuth@redhat.com> > Reviewed-by: Cornelia Huck <cohuck@redhat.com> > [borntraeger@de.ibm.com: patch merging, splitting, fixing] > Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> > --- > Documentation/virt/kvm/api.txt | 6 ++++-- > arch/s390/kvm/kvm-s390.c | 3 +++ > 2 files changed, 7 insertions(+), 2 deletions(-)
On 10.02.20 18:53, Cornelia Huck wrote: > On Fri, 7 Feb 2020 06:39:47 -0500 > Christian Borntraeger <borntraeger@de.ibm.com> wrote: > >> From: Janosch Frank <frankja@linux.ibm.com> >> >> A lot of the registers are controlled by the Ultravisor and never >> visible to KVM. Some fields in the sie control block are overlayed, >> like gbea. As no userspace uses the ONE_REG interface on s390 it is safe >> to disable this for protected guests. > > Last round, I suggested > > "As no known userspace uses the ONE_REG interface on s390 if sync regs > are available, no functionality is lost if it is disabled for protected > guests." If you think this variant is better I can use this, I am fine with either. > > Any opinion on that? > >> >> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> >> Reviewed-by: Thomas Huth <thuth@redhat.com> >> Reviewed-by: Cornelia Huck <cohuck@redhat.com> >> [borntraeger@de.ibm.com: patch merging, splitting, fixing] >> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> >> --- >> Documentation/virt/kvm/api.txt | 6 ++++-- >> arch/s390/kvm/kvm-s390.c | 3 +++ >> 2 files changed, 7 insertions(+), 2 deletions(-) >
On Mon, 10 Feb 2020 19:34:56 +0100 Christian Borntraeger <borntraeger@de.ibm.com> wrote: > On 10.02.20 18:53, Cornelia Huck wrote: > > On Fri, 7 Feb 2020 06:39:47 -0500 > > Christian Borntraeger <borntraeger@de.ibm.com> wrote: > > > >> From: Janosch Frank <frankja@linux.ibm.com> > >> > >> A lot of the registers are controlled by the Ultravisor and never > >> visible to KVM. Some fields in the sie control block are overlayed, > >> like gbea. As no userspace uses the ONE_REG interface on s390 it is safe > >> to disable this for protected guests. > > > > Last round, I suggested > > > > "As no known userspace uses the ONE_REG interface on s390 if sync regs > > are available, no functionality is lost if it is disabled for protected > > guests." > > If you think this variant is better I can use this, I am fine with either. Well, yes :) I was afraid that it fell through the cracks. > > > > Any opinion on that? > > > >> > >> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> > >> Reviewed-by: Thomas Huth <thuth@redhat.com> > >> Reviewed-by: Cornelia Huck <cohuck@redhat.com> > >> [borntraeger@de.ibm.com: patch merging, splitting, fixing] > >> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> > >> --- > >> Documentation/virt/kvm/api.txt | 6 ++++-- > >> arch/s390/kvm/kvm-s390.c | 3 +++ > >> 2 files changed, 7 insertions(+), 2 deletions(-) > > >
diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt index 4874d42286ca..4bee7c023426 100644 --- a/Documentation/virt/kvm/api.txt +++ b/Documentation/virt/kvm/api.txt @@ -1918,7 +1918,8 @@ Parameters: struct kvm_one_reg (in) Returns: 0 on success, negative value on failure Errors: ENOENT: no such register - EINVAL: invalid register ID, or no such register + EINVAL: invalid register ID, or no such register, ONE_REG forbidden + for protected guests (s390). EPERM: (arm64) register access not allowed before vcpu finalization (These error codes are indicative only: do not rely on a specific error code being returned in a specific situation.) @@ -2311,7 +2312,8 @@ Parameters: struct kvm_one_reg (in and out) Returns: 0 on success, negative value on failure Errors include: ENOENT: no such register - EINVAL: invalid register ID, or no such register + EINVAL: invalid register ID, or no such register, ONE_REG forbidden + for protected guests (s390) EPERM: (arm64) register access not allowed before vcpu finalization (These error codes are indicative only: do not rely on a specific error code being returned in a specific situation.) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 63d158149936..f995040102ea 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -4649,6 +4649,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, case KVM_SET_ONE_REG: case KVM_GET_ONE_REG: { struct kvm_one_reg reg; + r = -EINVAL; + if (kvm_s390_pv_is_protected(vcpu->kvm)) + break; r = -EFAULT; if (copy_from_user(®, argp, sizeof(reg))) break;