On Thu, 2024-02-08 at 13:39 +0100, Janosch Frank wrote: > On 1/31/24 21:58, Eric Farman wrote: > > The routine ar_translation() is called by get_vcpu_asce(), which is > > called from a handful of places, such as an interception that is > > being handled during KVM_RUN processing. In that case, the access > > registers of the vcpu had been saved to a host_acrs struct and then > > the guest access registers loaded from the KVM_RUN struct prior to > > entering SIE. Saving them back to KVM_RUN at this point doesn't do > > any harm, since it will be done again at the end of the KVM_RUN > > loop when the host access registers are restored. > > > > But that's not the only path into this code. The MEM_OP ioctl can > > be used while specifying an access register, and will arrive here. > > > > Linux itself doesn't use the access registers for much, but it does > > squirrel the thread local storage variable into ACRs 0 and 1 in > > copy_thread() [1]. This means that the MEM_OP ioctl may copy > > non-zero access registers (the upper- and lower-halves of the TLS > > pointer) to the KVM_RUN struct, which will end up getting > > propogated > > to the guest once KVM_RUN ioctls occur. Since these are almost > > certainly invalid as far as an ALET goes, an ALET Specification > > Exception would be triggered if it were attempted to be used. > > > > > > Would you be able to come up with a kvm-unit-test to verify a fix and > for regression? Hmmm, maybe a kselftest would be even easier. > Sure thing. I had started down the kselftest path as there's already some building blocks there, but got distracted by some other things in that space that were puzzling me. Will dig that branch back out.
