On 03/02/2020 14.19, Christian Borntraeger wrote: > From: Janosch Frank <frankja@xxxxxxxxxxxxx> > > A lot of the registers are controlled by the Ultravisor and never > visible to KVM. Some fields in the sie control block are overlayed, > like gbea. As no userspace uses the ONE_REG interface on s390 it is safe > to disable this for protected guests. > > Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> > --- > arch/s390/kvm/kvm-s390.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c > index 6e74c7afae3a..b9692d722c1e 100644 > --- a/arch/s390/kvm/kvm-s390.c > +++ b/arch/s390/kvm/kvm-s390.c > @@ -4641,6 +4641,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, > case KVM_SET_ONE_REG: > case KVM_GET_ONE_REG: { > struct kvm_one_reg reg; > + r = -EINVAL; > + if (kvm_s390_pv_is_protected(vcpu->kvm)) > + break; > r = -EFAULT; > if (copy_from_user(®, argp, sizeof(reg))) > break; Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx> PS: Not sure, but maybe it would be also be good to add a sentence to Documentation/virt/kvm/api.txt ?