diff mbox series

[v4,24/36] KVM: s390: protvirt: Do only reset registers that are accessible

Message ID 20200224114107.4646-25-borntraeger@de.ibm.com (mailing list archive)
State New, archived
Headers show
Series KVM: s390: Add support for protected VMs | expand

Commit Message

Christian Borntraeger Feb. 24, 2020, 11:40 a.m. UTC 
From: Janosch Frank <frankja@linux.ibm.com>

For protected VMs the hypervisor can not access guest breaking event
address, program parameter, bpbc and todpr. Do not reset those fields
as the control block does not provide access to these fields.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
[borntraeger@de.ibm.com: patch merging, splitting, fixing]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/kvm/kvm-s390.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Cornelia Huck Feb. 25, 2020, 12:32 p.m. UTC | #1 
On Mon, 24 Feb 2020 06:40:55 -0500
Christian Borntraeger <borntraeger@de.ibm.com> wrote:

> From: Janosch Frank <frankja@linux.ibm.com>
> 
> For protected VMs the hypervisor can not access guest breaking event
> address, program parameter, bpbc and todpr. Do not reset those fields
> as the control block does not provide access to these fields.
> 
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>
> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  arch/s390/kvm/kvm-s390.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index 6ab4c88f2e1d..c734e89235f9 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -3499,14 +3499,16 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
>  	kvm_s390_set_prefix(vcpu, 0);
>  	kvm_s390_set_cpu_timer(vcpu, 0);
>  	vcpu->arch.sie_block->ckc = 0;
> -	vcpu->arch.sie_block->todpr = 0;
>  	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
>  	vcpu->run->s.regs.fpc = 0;
> -	vcpu->arch.sie_block->gbea = 1;
> -	vcpu->arch.sie_block->pp = 0;
> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> +	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
> +		vcpu->arch.sie_block->gbea = 1;
> +		vcpu->arch.sie_block->pp = 0;
> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> +		vcpu->arch.sie_block->todpr = 0;

What happens if we do change those values? Is it just ignored or will
we get an exception on the next SIE entry?

> +	}
>  }
>  
>  static void kvm_arch_vcpu_ioctl_clear_reset(struct kvm_vcpu *vcpu)
Janosch Frank Feb. 25, 2020, 12:51 p.m. UTC | #2 
On 2/25/20 1:32 PM, Cornelia Huck wrote:
> On Mon, 24 Feb 2020 06:40:55 -0500
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> 
>> From: Janosch Frank <frankja@linux.ibm.com>
>>
>> For protected VMs the hypervisor can not access guest breaking event
>> address, program parameter, bpbc and todpr. Do not reset those fields
>> as the control block does not provide access to these fields.
>>
>> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
>> Reviewed-by: David Hildenbrand <david@redhat.com>
>> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> ---
>>  arch/s390/kvm/kvm-s390.c | 10 ++++++----
>>  1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>> index 6ab4c88f2e1d..c734e89235f9 100644
>> --- a/arch/s390/kvm/kvm-s390.c
>> +++ b/arch/s390/kvm/kvm-s390.c
>> @@ -3499,14 +3499,16 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
>>  	kvm_s390_set_prefix(vcpu, 0);
>>  	kvm_s390_set_cpu_timer(vcpu, 0);
>>  	vcpu->arch.sie_block->ckc = 0;
>> -	vcpu->arch.sie_block->todpr = 0;
>>  	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
>>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
>>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
>>  	vcpu->run->s.regs.fpc = 0;
>> -	vcpu->arch.sie_block->gbea = 1;
>> -	vcpu->arch.sie_block->pp = 0;
>> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>> +	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
>> +		vcpu->arch.sie_block->gbea = 1;
>> +		vcpu->arch.sie_block->pp = 0;
>> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>> +		vcpu->arch.sie_block->todpr = 0;
> 
> What happens if we do change those values? Is it just ignored or will
> we get an exception on the next SIE entry?

Well, changing gbea is a bad idea because of the sida overlay.
I don't think that any other is checked, but I'd need to look up the
todpr changes to be completely sure.

> 
>> +	}
>>  }
>>  
>>  static void kvm_arch_vcpu_ioctl_clear_reset(struct kvm_vcpu *vcpu)
>
Cornelia Huck Feb. 25, 2020, 1:06 p.m. UTC | #3 
On Tue, 25 Feb 2020 13:51:12 +0100
Janosch Frank <frankja@linux.ibm.com> wrote:

> On 2/25/20 1:32 PM, Cornelia Huck wrote:
> > On Mon, 24 Feb 2020 06:40:55 -0500
> > Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> >   
> >> From: Janosch Frank <frankja@linux.ibm.com>
> >>
> >> For protected VMs the hypervisor can not access guest breaking event
> >> address, program parameter, bpbc and todpr. Do not reset those fields
> >> as the control block does not provide access to these fields.
> >>
> >> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> >> Reviewed-by: David Hildenbrand <david@redhat.com>
> >> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
> >> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> >> ---
> >>  arch/s390/kvm/kvm-s390.c | 10 ++++++----
> >>  1 file changed, 6 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> >> index 6ab4c88f2e1d..c734e89235f9 100644
> >> --- a/arch/s390/kvm/kvm-s390.c
> >> +++ b/arch/s390/kvm/kvm-s390.c
> >> @@ -3499,14 +3499,16 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
> >>  	kvm_s390_set_prefix(vcpu, 0);
> >>  	kvm_s390_set_cpu_timer(vcpu, 0);
> >>  	vcpu->arch.sie_block->ckc = 0;
> >> -	vcpu->arch.sie_block->todpr = 0;
> >>  	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
> >>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
> >>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
> >>  	vcpu->run->s.regs.fpc = 0;
> >> -	vcpu->arch.sie_block->gbea = 1;
> >> -	vcpu->arch.sie_block->pp = 0;
> >> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> >> +	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
> >> +		vcpu->arch.sie_block->gbea = 1;
> >> +		vcpu->arch.sie_block->pp = 0;
> >> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> >> +		vcpu->arch.sie_block->todpr = 0;  
> > 
> > What happens if we do change those values? Is it just ignored or will
> > we get an exception on the next SIE entry?  
> 
> Well, changing gbea is a bad idea because of the sida overlay.
> I don't think that any other is checked, but I'd need to look up the
> todpr changes to be completely sure.

Maybe add a comment

/*
 * Do not reset these registers in the protected case, as some of
 * them are overlayed and they are not accessible in this case
 * anyway.
 */

?

Just to avoid headscratching once this dropped out of our caches.

> 
> >   
> >> +	}
> >>  }
> >>  
> >>  static void kvm_arch_vcpu_ioctl_clear_reset(struct kvm_vcpu *vcpu)  
> >   
> 
>
Christian Borntraeger Feb. 25, 2020, 1:07 p.m. UTC | #4 
On 25.02.20 13:32, Cornelia Huck wrote:
> On Mon, 24 Feb 2020 06:40:55 -0500
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> 
>> From: Janosch Frank <frankja@linux.ibm.com>
>>
>> For protected VMs the hypervisor can not access guest breaking event
>> address, program parameter, bpbc and todpr. Do not reset those fields
>> as the control block does not provide access to these fields.
>>
>> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
>> Reviewed-by: David Hildenbrand <david@redhat.com>
>> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> ---
>>  arch/s390/kvm/kvm-s390.c | 10 ++++++----
>>  1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>> index 6ab4c88f2e1d..c734e89235f9 100644
>> --- a/arch/s390/kvm/kvm-s390.c
>> +++ b/arch/s390/kvm/kvm-s390.c
>> @@ -3499,14 +3499,16 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
>>  	kvm_s390_set_prefix(vcpu, 0);
>>  	kvm_s390_set_cpu_timer(vcpu, 0);
>>  	vcpu->arch.sie_block->ckc = 0;
>> -	vcpu->arch.sie_block->todpr = 0;
>>  	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
>>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
>>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
>>  	vcpu->run->s.regs.fpc = 0;
>> -	vcpu->arch.sie_block->gbea = 1;
>> -	vcpu->arch.sie_block->pp = 0;
>> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>> +	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
>> +		vcpu->arch.sie_block->gbea = 1;
>> +		vcpu->arch.sie_block->pp = 0;
>> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>> +		vcpu->arch.sie_block->todpr = 0;
> 
> What happens if we do change those values? Is it just ignored or will
> we get an exception on the next SIE entry?

These fields (offsets in the sie control block) are not defined or re-defined for secure guests.
So we better leave them unchanged.
Christian Borntraeger Feb. 25, 2020, 1:08 p.m. UTC | #5 
On 25.02.20 14:06, Cornelia Huck wrote:
> On Tue, 25 Feb 2020 13:51:12 +0100
> Janosch Frank <frankja@linux.ibm.com> wrote:
> 
>> On 2/25/20 1:32 PM, Cornelia Huck wrote:
>>> On Mon, 24 Feb 2020 06:40:55 -0500
>>> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
>>>   
>>>> From: Janosch Frank <frankja@linux.ibm.com>
>>>>
>>>> For protected VMs the hypervisor can not access guest breaking event
>>>> address, program parameter, bpbc and todpr. Do not reset those fields
>>>> as the control block does not provide access to these fields.
>>>>
>>>> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
>>>> Reviewed-by: David Hildenbrand <david@redhat.com>
>>>> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
>>>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>>>> ---
>>>>  arch/s390/kvm/kvm-s390.c | 10 ++++++----
>>>>  1 file changed, 6 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
>>>> index 6ab4c88f2e1d..c734e89235f9 100644
>>>> --- a/arch/s390/kvm/kvm-s390.c
>>>> +++ b/arch/s390/kvm/kvm-s390.c
>>>> @@ -3499,14 +3499,16 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
>>>>  	kvm_s390_set_prefix(vcpu, 0);
>>>>  	kvm_s390_set_cpu_timer(vcpu, 0);
>>>>  	vcpu->arch.sie_block->ckc = 0;
>>>> -	vcpu->arch.sie_block->todpr = 0;
>>>>  	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
>>>>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
>>>>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
>>>>  	vcpu->run->s.regs.fpc = 0;
>>>> -	vcpu->arch.sie_block->gbea = 1;
>>>> -	vcpu->arch.sie_block->pp = 0;
>>>> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>>>> +	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
>>>> +		vcpu->arch.sie_block->gbea = 1;
>>>> +		vcpu->arch.sie_block->pp = 0;
>>>> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>>>> +		vcpu->arch.sie_block->todpr = 0;  
>>>
>>> What happens if we do change those values? Is it just ignored or will
>>> we get an exception on the next SIE entry?  
>>
>> Well, changing gbea is a bad idea because of the sida overlay.
>> I don't think that any other is checked, but I'd need to look up the
>> todpr changes to be completely sure.
> 
> Maybe add a comment
> 
> /*
>  * Do not reset these registers in the protected case, as some of
>  * them are overlayed and they are not accessible in this case
>  * anyway.
>  */

Makes sense, will add.
Cornelia Huck Feb. 25, 2020, 1:16 p.m. UTC | #6 
On Tue, 25 Feb 2020 14:08:16 +0100
Christian Borntraeger <borntraeger@de.ibm.com> wrote:

> On 25.02.20 14:06, Cornelia Huck wrote:
> > On Tue, 25 Feb 2020 13:51:12 +0100
> > Janosch Frank <frankja@linux.ibm.com> wrote:
> >   
> >> On 2/25/20 1:32 PM, Cornelia Huck wrote:  
> >>> On Mon, 24 Feb 2020 06:40:55 -0500
> >>> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> >>>     
> >>>> From: Janosch Frank <frankja@linux.ibm.com>
> >>>>
> >>>> For protected VMs the hypervisor can not access guest breaking event
> >>>> address, program parameter, bpbc and todpr. Do not reset those fields
> >>>> as the control block does not provide access to these fields.
> >>>>
> >>>> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> >>>> Reviewed-by: David Hildenbrand <david@redhat.com>
> >>>> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
> >>>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> >>>> ---
> >>>>  arch/s390/kvm/kvm-s390.c | 10 ++++++----
> >>>>  1 file changed, 6 insertions(+), 4 deletions(-)
> >>>>
> >>>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> >>>> index 6ab4c88f2e1d..c734e89235f9 100644
> >>>> --- a/arch/s390/kvm/kvm-s390.c
> >>>> +++ b/arch/s390/kvm/kvm-s390.c
> >>>> @@ -3499,14 +3499,16 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
> >>>>  	kvm_s390_set_prefix(vcpu, 0);
> >>>>  	kvm_s390_set_cpu_timer(vcpu, 0);
> >>>>  	vcpu->arch.sie_block->ckc = 0;
> >>>> -	vcpu->arch.sie_block->todpr = 0;
> >>>>  	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
> >>>>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
> >>>>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
> >>>>  	vcpu->run->s.regs.fpc = 0;
> >>>> -	vcpu->arch.sie_block->gbea = 1;
> >>>> -	vcpu->arch.sie_block->pp = 0;
> >>>> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> >>>> +	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
> >>>> +		vcpu->arch.sie_block->gbea = 1;
> >>>> +		vcpu->arch.sie_block->pp = 0;
> >>>> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> >>>> +		vcpu->arch.sie_block->todpr = 0;    
> >>>
> >>> What happens if we do change those values? Is it just ignored or will
> >>> we get an exception on the next SIE entry?    
> >>
> >> Well, changing gbea is a bad idea because of the sida overlay.
> >> I don't think that any other is checked, but I'd need to look up the
> >> todpr changes to be completely sure.  
> > 
> > Maybe add a comment
> > 
> > /*
> >  * Do not reset these registers in the protected case, as some of
> >  * them are overlayed and they are not accessible in this case
> >  * anyway.
> >  */  
> 
> Makes sense, will add.
> 

With that:

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
diff mbox series

Patch

diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 6ab4c88f2e1d..c734e89235f9 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -3499,14 +3499,16 @@  static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
 	kvm_s390_set_prefix(vcpu, 0);
 	kvm_s390_set_cpu_timer(vcpu, 0);
 	vcpu->arch.sie_block->ckc = 0;
-	vcpu->arch.sie_block->todpr = 0;
 	memset(vcpu->arch.sie_block->gcr, 0, sizeof(vcpu->arch.sie_block->gcr));
 	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
 	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
 	vcpu->run->s.regs.fpc = 0;
-	vcpu->arch.sie_block->gbea = 1;
-	vcpu->arch.sie_block->pp = 0;
-	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
+	if (!kvm_s390_pv_cpu_is_protected(vcpu)) {
+		vcpu->arch.sie_block->gbea = 1;
+		vcpu->arch.sie_block->pp = 0;
+		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
+		vcpu->arch.sie_block->todpr = 0;
+	}
 }
 
 static void kvm_arch_vcpu_ioctl_clear_reset(struct kvm_vcpu *vcpu)