Re: [RFCv2 27/37] KVM: s390: protvirt: Only sync fmt4 registers


 



On Mon,  3 Feb 2020 08:19:47 -0500
Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:

> From: Janosch Frank <frankja@xxxxxxxxxxxxx>
> 
> A lot of the registers are controlled by the Ultravisor and never
> visible to KVM. Also some registers are overlayed, like gbea is with
> sidad, which might leak data to userspace.
> 
> Hence we sync a minimal set of registers for both SIE formats and then
> check and sync format 2 registers if necessary.
> 
> Also we disable set/get one reg for the same reason. It's an old
> interface anyway.
> 
> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
> [Fixes and patch splitting]
> ---
>  arch/s390/kvm/kvm-s390.c | 116 ++++++++++++++++++++++++---------------
>  1 file changed, 72 insertions(+), 44 deletions(-)
> 
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index b9692d722c1e..00a0ce4a3d35 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -3444,9 +3444,11 @@ static void kvm_arch_vcpu_ioctl_initial_reset(struct kvm_vcpu *vcpu)
>  	vcpu->arch.sie_block->gcr[0] = CR0_INITIAL_MASK;
>  	vcpu->arch.sie_block->gcr[14] = CR14_INITIAL_MASK;
>  	vcpu->run->s.regs.fpc = 0;
> -	vcpu->arch.sie_block->gbea = 1;
> -	vcpu->arch.sie_block->pp = 0;
> -	vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
> +	if (!kvm_s390_pv_handle_cpu(vcpu)) {
> +		vcpu->arch.sie_block->gbea = 1;
> +		vcpu->arch.sie_block->pp = 0;
> +		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;

What about e.g. gcr[]? Is it something that just does not matter, while
these conflict somehow?

> +	}
>  }
>  
>  static void kvm_arch_vcpu_ioctl_clear_reset(struct kvm_vcpu *vcpu)
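Review bot: The new `if (!kvm_s390_pv_handle_cpu(vcpu))` guard in kvm_arch_vcpu_ioctl_initial_reset carries no comment saying why gbea, pp and the FPF_BPBC bit are left alone for a protected guest, so a reader of the function has to go to the commit message (Ultravisor-controlled fields, gbea overlaid with sidad) to understand it. I would put one line above the guard: `/* For protected guests gbea, pp and bpbc belong to the Ultravisor (gbea overlays sidad); KVM must not touch them. */`. kvm_s390_pv_handle_cpu() is not in the quoted hunks, so I am assuming it is non-zero exactly for a vcpu that has an Ultravisor handle; if it can also be set transiently during conversion, the comment should say which state the guard means.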
> @@ -4057,25 +4059,16 @@ static int __vcpu_run(struct kvm_vcpu *vcpu)
>  	return rc;
>  }
>  
> -static void sync_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> +static void sync_regs_fmt2(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>  {
>  	struct runtime_instr_cb *riccb;
>  	struct gs_cb *gscb;
>  
> -	riccb = (struct runtime_instr_cb *) &kvm_run->s.regs.riccb;
> -	gscb = (struct gs_cb *) &kvm_run->s.regs.gscb;
>  	vcpu->arch.sie_block->gpsw.mask = kvm_run->psw_mask;
>  	vcpu->arch.sie_block->gpsw.addr = kvm_run->psw_addr;
> -	if (kvm_run->kvm_dirty_regs & KVM_SYNC_PREFIX)
> -		kvm_s390_set_prefix(vcpu, kvm_run->s.regs.prefix);
> -	if (kvm_run->kvm_dirty_regs & KVM_SYNC_CRS) {
> -		memcpy(&vcpu->arch.sie_block->gcr, &kvm_run->s.regs.crs, 128);
> -		/* some control register changes require a tlb flush */
> -		kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
> -	}
> +	riccb = (struct runtime_instr_cb *) &kvm_run->s.regs.riccb;
> +	gscb = (struct gs_cb *) &kvm_run->s.regs.gscb;
>  	if (kvm_run->kvm_dirty_regs & KVM_SYNC_ARCH0) {
> -		kvm_s390_set_cpu_timer(vcpu, kvm_run->s.regs.cputm);
> -		vcpu->arch.sie_block->ckc = kvm_run->s.regs.ckc;
>  		vcpu->arch.sie_block->todpr = kvm_run->s.regs.todpr;
>  		vcpu->arch.sie_block->pp = kvm_run->s.regs.pp;
>  		vcpu->arch.sie_block->gbea = kvm_run->s.regs.gbea;
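Review bot: sync_regs_fmt2 now assigns the whole `gpsw.mask`/`gpsw.addr` from kvm_run and writes todpr/pp/gbea under KVM_SYNC_ARCH0 with no statement of the precondition that it is only reached for a non-protected (format 2) vcpu; the call site is not among the quoted hunks, so that contract is invisible here. I would add a header comment: `/* Sync the registers that KVM may write for a format 2 SIE block. Must not be called for a protected vcpu, whose SIE block fields are owned by the Ultravisor; the caller is responsible for that check. */`. Because the full mask assignment here would overwrite the CC-only merge that sync_regs() does, the order in which the caller invokes the two matters and deserves a line as well — hedged, since the caller is not shown. The function body continues past the end of this hunk.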
> @@ -4116,6 +4109,47 @@ static void sync_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>  		vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
>  		vcpu->arch.sie_block->fpf |= kvm_run->s.regs.bpbc ? FPF_BPBC : 0;
>  	}
> +	if (MACHINE_HAS_GS) {
> +		preempt_disable();
> +		__ctl_set_bit(2, 4);
> +		if (current->thread.gs_cb) {
> +			vcpu->arch.host_gscb = current->thread.gs_cb;
> +			save_gs_cb(vcpu->arch.host_gscb);
> +		}
> +		if (vcpu->arch.gs_enabled) {
> +			current->thread.gs_cb = (struct gs_cb *)
> +						&vcpu->run->s.regs.gscb;
> +			restore_gs_cb(current->thread.gs_cb);
> +		}
> +		preempt_enable();
> +	}
> +	/* SIE will load etoken directly from SDNX and therefore kvm_run */
> +}
> +
> +static void sync_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> +{
> +	/*
> +	 * at several places we have to modify our internal view to not do
> +	 * things that are disallowed by the ultravisor. For example we must

But we are still free to do them for non-protected guests, right?

> +	 * not inject interrupts after specific exits (e.g. 112). We do this

Spell out what 112 is? Emergency call? ;)

> +	 * by turning off the MIE bits of our PSW copy. To avoid getting

What is MIE? The bits controlling machine check, I/O, external
interrupts?

> +	 * validity intercepts, we do only accept the condition code from
> +	 * userspace.
> +	 */
> +	vcpu->arch.sie_block->gpsw.mask &= ~PSW_MASK_CC;
> +	vcpu->arch.sie_block->gpsw.mask |= kvm_run->psw_mask & PSW_MASK_CC;
> +
> +	if (kvm_run->kvm_dirty_regs & KVM_SYNC_PREFIX)
> +		kvm_s390_set_prefix(vcpu, kvm_run->s.regs.prefix);
> +	if (kvm_run->kvm_dirty_regs & KVM_SYNC_CRS) {
> +		memcpy(&vcpu->arch.sie_block->gcr, &kvm_run->s.regs.crs, 128);
> +		/* some control register changes require a tlb flush */
> +		kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
> +	}
> +	if (kvm_run->kvm_dirty_regs & KVM_SYNC_ARCH0) {
> +		kvm_s390_set_cpu_timer(vcpu, kvm_run->s.regs.cputm);
> +		vcpu->arch.sie_block->ckc = kvm_run->s.regs.ckc;
> +	}
>  	save_access_regs(vcpu->arch.host_acrs);
>  	restore_access_regs(vcpu->run->s.regs.acrs);
>  	/* save host (userspace) fprs/vrs */
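Review bot: The control-register sync `memcpy(&vcpu->arch.sie_block->gcr, &kvm_run->s.regs.crs, 128);` is rewritten into the new sync_regs() with a bare 128, which is now the only thing keeping the copy inside `gcr`; `memcpy(&vcpu->arch.sie_block->gcr, &kvm_run->s.regs.crs, sizeof(vcpu->arch.sie_block->gcr));` ties the length to the destination (the 128 suggests a 16 x 64-bit array, which I cannot confirm from the hunk). The header comment also explains only the CC-only PSW merge; one sentence such as `/* The remaining PSW bits and the format 2 only fields are synced separately for non-protected guests. */` would tell the reader why `psw_mask` is otherwise ignored here. sync_regs() continues past the end of this hunk.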

Diff reordering makes this a bit hard to review, but it seems
reasonable at a glance.




