On 24/10/2019 13.40, Janosch Frank wrote: > A lot of the registers are controlled by the Ultravisor and never > visible to KVM. Also some registers are overlayed, like gbea is with > sidad, which might leak data to userspace. > > Hence we sync a minimal set of registers for both SIE formats and then > check and sync format 2 registers if necessary. > > Also we disable set/get one reg for the same reason. It's an old > interface anyway. > > Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> > --- > arch/s390/kvm/kvm-s390.c | 138 +++++++++++++++++++++++---------------- > 1 file changed, 82 insertions(+), 56 deletions(-) > > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 17a78774c617..f623c64aeade 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -2997,7 +2997,8 @@ static void kvm_s390_vcpu_initial_reset(struct kvm_vcpu *vcpu) > /* make sure the new fpc will be lazily loaded */ > save_fpu_regs(); > current->thread.fpu.fpc = 0; > - vcpu->arch.sie_block->gbea = 1; > + if (!kvm_s390_pv_is_protected(vcpu->kvm)) > + vcpu->arch.sie_block->gbea = 1; > vcpu->arch.sie_block->pp = 0; > vcpu->arch.sie_block->fpf &= ~FPF_BPBC; > vcpu->arch.pfault_token = KVM_S390_PFAULT_TOKEN_INVALID; > @@ -3367,6 +3368,10 @@ static int kvm_arch_vcpu_ioctl_get_one_reg(struct kvm_vcpu *vcpu, > (u64 __user *)reg->addr); > break; > case KVM_REG_S390_GBEA: > + if (kvm_s390_pv_is_protected(vcpu->kvm)) { > + r = 0; > + break; > + } > r = put_user(vcpu->arch.sie_block->gbea, > (u64 __user *)reg->addr); > break; > @@ -3420,6 +3425,10 @@ static int kvm_arch_vcpu_ioctl_set_one_reg(struct kvm_vcpu *vcpu, > (u64 __user *)reg->addr); > break; > case KVM_REG_S390_GBEA: > + if (kvm_s390_pv_is_protected(vcpu->kvm)) { > + r = 0; > + break; > + } Wouldn't it be better to return EINVAL in this case? ... the callers definitely do not get what they expected here... Thomas
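Review bot: in the kvm_s390_vcpu_initial_reset() hunk, only the gbea write is gated on kvm_s390_pv_is_protected(), while the neighbouring writes to sie_block->pp and sie_block->fpf (the FPF_BPBC clear) stay unconditional; given the commit message's statement that many registers are Ultravisor-controlled, it is worth stating, in a short comment next to the new check, why gbea is special here (it overlays sidad) and that pp/fpf remain safe to touch for a protected guest, so the next person extending the reset does not have to rediscover that.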
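Review bot: the KVM_REG_S390_GBEA case in kvm_arch_vcpu_ioctl_get_one_reg() returns r = 0 without ever calling put_user(), so the ioctl reports success while userspace's buffer at reg->addr is left untouched and the caller will read whatever stale value was there as if it were the guest's GBEA; for a protected guest the register is not available, so reporting an error (the -EINVAL Thomas suggests for the set side, applied symmetrically here) is the honest answer. Separately, the commit message says "we disable set/get one reg", but the quoted hunks only block KVM_REG_S390_GBEA; if other one-reg registers are also meant to be refused for protected guests, that change is not visible here and either the hunks or the message should be brought into line.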
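Review bot: the matching KVM_REG_S390_GBEA case in kvm_arch_vcpu_ioctl_set_one_reg() has the same problem as the get side: "r = 0; break;" silently drops the write and tells userspace the register was set, which is exactly the mismatch Thomas points out below; returning -EINVAL (or whichever error the other rejected paths in this ioctl use) keeps the two directions consistent and lets a caller notice it is talking to a protected guest, whereas a silent success hides the fact that GBEA state is now owned by the Ultravisor rather than KVM.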