On 11/18/19 5:39 PM, Cornelia Huck wrote: > On Thu, 24 Oct 2019 07:40:45 -0400 > Janosch Frank <frankja@xxxxxxxxxxxxx> wrote: > > Add at least a short sentence here? For protected VMs the lowcore does not only need to be mapped, but also needs to be protected memory, if not we'll get a validity interception when trying to run it. > >> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> >> --- >> arch/s390/kvm/kvm-s390.c | 9 +++++++++ >> 1 file changed, 9 insertions(+) >> >> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c >> index eddc9508c1b1..17a78774c617 100644 >> --- a/arch/s390/kvm/kvm-s390.c >> +++ b/arch/s390/kvm/kvm-s390.c >> @@ -3646,6 +3646,15 @@ static int kvm_s390_handle_requests(struct kvm_vcpu *vcpu) >> rc = gmap_mprotect_notify(vcpu->arch.gmap, >> kvm_s390_get_prefix(vcpu), >> PAGE_SIZE * 2, PROT_WRITE); >> + if (!rc && kvm_s390_pv_is_protected(vcpu->kvm)) { >> + rc = uv_convert_to_secure(vcpu->arch.gmap, >> + kvm_s390_get_prefix(vcpu)); >> + WARN_ON_ONCE(rc && rc != -EEXIST); >> + rc = uv_convert_to_secure(vcpu->arch.gmap, >> + kvm_s390_get_prefix(vcpu) + PAGE_SIZE); >> + WARN_ON_ONCE(rc && rc != -EEXIST); >> + rc = 0; > > So, what happens if we have an error other than -EEXIST (which > presumably means that we already protected it) here? The page is not > protected, and further accesses will get an error? (Another question: > what can actually go wrong here?) If KVM or QEMU write into a lowcore, we will fail the integrity check on import and this cpu will never run again. In retrospect a warn_on_once might be the wrong error handling here. > >> + } >> if (rc) { >> kvm_make_request(KVM_REQ_MMU_RELOAD, vcpu); >> return rc; >
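Review bot: In the block added to kvm_s390_handle_requests(), the trailing `rc = 0;` discards every failure from both uv_convert_to_secure() calls, so the `if (rc)` check that follows can only ever see errors from gmap_mprotect_notify(). The first call's result is also overwritten by the second before anything acts on it. A conversion error other than -EEXIST is reported once through WARN_ON_ONCE and is silent on every later occurrence, while the vcpu carries on with a prefix page that may not be secure. Consider mapping -EEXIST to 0 after each call, checking the first page's result before converting the second, and letting any other error reach the existing `if (rc)` path so it is returned to the caller. The commit message is also empty apart from the sign-off; one sentence stating that the prefix pages of a protected VM must be secure memory would document why the conversion is done here.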