On Mon, 5 Mar 2018 20:08:45 +0100
Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:

> Do you happen to run with a recent host kernel that has
>
> commit 7041d28115e91f2144f811ffe8a195c696b1e1d0
> s390: scrub registers on kernel entry and KVM exit
>
> Can you run with this on top
> diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
> index 13a133a6015c..d6dc0e5e8f74 100644
> --- a/arch/s390/kernel/entry.S
> +++ b/arch/s390/kernel/entry.S
> @@ -426,13 +426,13 @@ ENTRY(system_call)
> UPDATE_VTIME %r8,%r9,__LC_SYNC_ENTER_TIMER
> BPENTER __TI_flags(%r12),_TIF_ISOLATE_BP
> stmg %r0,%r7,__PT_R0(%r11)
> - # clear user controlled register to prevent speculative use
> - xgr %r0,%r0
> mvc __PT_R8(64,%r11),__LC_SAVE_AREA_SYNC
> mvc __PT_PSW(16,%r11),__LC_SVC_OLD_PSW
> mvc __PT_INT_CODE(4,%r11),__LC_SVC_ILC
> stg %r14,__PT_FLAGS(%r11)
> .Lsysc_do_svc:
> + # clear user controlled register to prevent speculative use
> + xgr %r0,%r0
> # load address of system call table
> lg %r10,__THREAD_sysc_table(%r13,%r12)
> llgh %r8,__PT_INT_CODE+2(%r11)
>
>
> To me it looks like the critical section cleanup (interrupt during system call entry) might
> save the registers again into ptregs but we have already zeroed out r0.
> This patch moves the clearing of r0 after sysc_do_svc, which should fix the critical
> section cleanup.
>
> Adding Martin and Heiko. Will spin a patch.

Argh, yes. Thanks Christian, this is it. I have been searching for the bug for days now.
The point is that if the system call handler is interrupted after the xgr but before
.Lsysc_do_svc the code at .Lcleanup_system_call repeats the stmg for %r0-%r7 but now
%r0 is already zero.

Please commit a patch for this and I'll queue it up immediately.

-- 
blue skies,
   Martin.

"Reality continues to ruin my life." - Calvin.
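Review bot: the relocated `xgr %r0,%r0` after `.Lsysc_do_svc` keeps only the original "clear user controlled register to prevent speculative use" comment, which says nothing about why it must not sit next to the `stmg`; add the reason in the hunk (e.g. "must stay after .Lsysc_do_svc: the critical section cleanup repeats the stmg and would otherwise store a zeroed %r0 into pt_regs") so a later tidy-up of entry.S does not move it back. The new position still precedes the `lg %r10,__THREAD_sysc_table(%r13,%r12)` and `llgh %r8,__PT_INT_CODE+2(%r11)` table lookup, and none of the `mvc`/`stg` instructions now between the `stmg` and the clear reference %r0, so the mitigation keeps its intent; since the clear is now unconditional at the label, it is worth confirming that every other branch into `.Lsysc_do_svc` has already stored %r0 into pt_regs before reaching it.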
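The race Martin describes, as an added C model written for this page (it is not kernel code and not from the thread): a prologue that the interrupt critical-section cleanup may replay from its first instruction up to the label, with a destructive `xgr` either inside or outside that replayable window. The step names mirror the quoted hunk; the number and order of `COPY` steps, the "replay from the start up to the label, then resume at the label" cleanup semantics, and the sample user value of %r0 are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One prologue "instruction". Names mirror the quoted hunk; the exact
 * count and order of COPY steps is an assumption for the model. */
enum step {
	STORE, /* stmg %r0,%r7,__PT_R0(%r11): save live regs into pt_regs    */
	CLEAR, /* xgr %r0,%r0: destroy the user value of r0                  */
	COPY,  /* mvc/stg of PSW, ILC, flags: neither reads nor writes r0..r7 */
	LABEL, /* .Lsysc_do_svc: end of the critical section                 */
	DONE
};

#define NREGS 8

struct cpu {
	uint64_t r[NREGS];       /* live general registers r0..r7 */
	uint64_t pt_regs[NREGS]; /* saved copy on the kernel stack */
};

/* Before the patch the clear sits inside the replayable window. */
static const enum step before_fix[] = {
	STORE, CLEAR, COPY, COPY, COPY, COPY, LABEL, DONE
};
/* After the patch the clear follows the label and is never replayed. */
static const enum step after_fix[] = {
	STORE, COPY, COPY, COPY, COPY, LABEL, CLEAR, DONE
};

static void run_step(struct cpu *c, enum step s)
{
	switch (s) {
	case STORE:
		memcpy(c->pt_regs, c->r, sizeof c->r);
		break;
	case CLEAR:
		c->r[0] = 0;
		break;
	default: /* COPY, LABEL, DONE leave r0..r7 and the saved r0 alone */
		break;
	}
}

static size_t label_index(const enum step *prog)
{
	size_t i = 0;
	while (prog[i] != LABEL)
		i++;
	return i;
}

/* Critical-section cleanup (model of .Lcleanup_system_call): when an
 * interrupt lands while the interrupted PSW points into the prologue,
 * the handler completes the prologue by re-executing it from its first
 * instruction up to .Lsysc_do_svc, which repeats the stmg. */
static void cleanup(struct cpu *c, const enum step *prog)
{
	size_t end = label_index(prog);
	for (size_t i = 0; i < end; i++)
		run_step(c, prog[i]);
}

/* Run the prologue with `user_r0` in r0. If `irq_at` indexes a step inside
 * the critical section, an interrupt arrives just before that step, the
 * cleanup runs, and execution resumes at the label. Returns the r0 value
 * that ends up in pt_regs, i.e. what the kernel later treats as the
 * user's register. irq_at < 0 means no interrupt. */
uint64_t saved_r0(const enum step *prog, long irq_at, uint64_t user_r0)
{
	struct cpu c;
	size_t lbl = label_index(prog);

	memset(&c, 0, sizeof c);
	c.r[0] = user_r0;

	for (size_t i = 0; prog[i] != DONE; i++) {
		if ((long)i == irq_at && i < lbl) {
			cleanup(&c, prog);
			i = lbl; /* cleanup finished the prologue; resume at the label */
		}
		run_step(&c, prog[i]);
	}
	return c.pt_regs[0];
}

/* Number of interrupt points inside the critical section at which the
 * saved r0 no longer matches what user space had in it. */
int corrupting_windows(const enum step *prog, uint64_t user_r0)
{
	int bad = 0;
	for (size_t i = 0; i < label_index(prog); i++)
		if (saved_r0(prog, (long)i, user_r0) != user_r0)
			bad++;
	return bad;
}

int corrupting_windows_before_fix(void) { return corrupting_windows(before_fix, 0x1234); }
int corrupting_windows_after_fix(void)  { return corrupting_windows(after_fix, 0x1234); }

int main(void)
{
	printf("corrupting interrupt windows before fix: %d\n", corrupting_windows_before_fix());
	printf("corrupting interrupt windows after fix:  %d\n", corrupting_windows_after_fix());
	return 0;
}
```

With the clear before the label, every interrupt that lands after the `xgr` but before `.Lsysc_do_svc` makes the replayed `stmg` store a zero r0; with the clear after the label there is no such window, because nothing inside the replayable section is destructive. The general rule the model shows is that a prologue which may be replayed must be idempotent up to its resume point.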