[PATCH 0/2] KVM: s390: Fix V!=R bug in STFLE shadowing

public inbox for linux-s390@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH 0/2] KVM: s390: Fix V!=R bug in STFLE shadowing
@ 2024-03-19 16:44 Nina Schoetterl-Glausch
  2024-03-19 16:44 ` [PATCH RESEND 1/2] KVM: s390: Minor refactor of base/ext facility lists Nina Schoetterl-Glausch
  2024-03-19 16:44 ` [PATCH 2/2] KVM: s390: vsie: Use virt_to_phys for facility control block Nina Schoetterl-Glausch
  0 siblings, 2 replies; 4+ messages in thread
From: Nina Schoetterl-Glausch @ 2024-03-19 16:44 UTC (permalink / raw)
  To: Christian Borntraeger, Vasily Gorbik, Heiko Carstens,
	Janosch Frank, Alexander Gordeev, Claudio Imbrenda
  Cc: Nina Schoetterl-Glausch, David Hildenbrand, linux-kernel, kvm,
	linux-s390, Sven Schnelle

The address of the facility control block is a physical address,
and therefore requires conversion from virtual (patch 2).

Also send unrelated patch 1 which was previously sent as part of
"KVM: s390: Fix minor bugs in STFLE shadowing" but deferred.

Nina Schoetterl-Glausch (2):
  KVM: s390: Minor refactor of base/ext facility lists
  KVM: s390: vsie: Use virt_to_phys for facility control block

 arch/s390/kvm/kvm-s390.c | 44 +++++++++++++++++-----------------------
 arch/s390/kvm/vsie.c     |  3 ++-
 2 files changed, 21 insertions(+), 26 deletions(-)


base-commit: e8f897f4afef0031fe618a8e94127a0934896aba
-- 
2.40.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH RESEND 1/2] KVM: s390: Minor refactor of base/ext facility lists
  2024-03-19 16:44 [PATCH 0/2] KVM: s390: Fix V!=R bug in STFLE shadowing Nina Schoetterl-Glausch
@ 2024-03-19 16:44 ` Nina Schoetterl-Glausch
  2024-03-19 16:44 ` [PATCH 2/2] KVM: s390: vsie: Use virt_to_phys for facility control block Nina Schoetterl-Glausch
  1 sibling, 0 replies; 4+ messages in thread
From: Nina Schoetterl-Glausch @ 2024-03-19 16:44 UTC (permalink / raw)
  To: Heiko Carstens, Christian Borntraeger, Vasily Gorbik,
	Claudio Imbrenda, Alexander Gordeev, Janosch Frank
  Cc: Nina Schoetterl-Glausch, Sven Schnelle, linux-s390, kvm,
	linux-kernel, David Hildenbrand

Directly use the size of the arrays instead of going through the
indirection of kvm_s390_fac_size().
Don't use magic number for the number of entries in the non hypervisor
managed facility bit mask list.
Make the constraint of that number on kvm_s390_fac_base obvious.
Get rid of implicit double anding of stfle_fac_list.

Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
---

Notes:
    I think it's nicer this way but it might be needless churn.

 arch/s390/kvm/kvm-s390.c | 44 +++++++++++++++++-----------------------
 1 file changed, 19 insertions(+), 25 deletions(-)

diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index ea63ac769889..0882e0f02cde 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -224,33 +224,25 @@ static int async_destroy = 1;
 module_param(async_destroy, int, 0444);
 MODULE_PARM_DESC(async_destroy, "Asynchronous destroy for protected guests");
 
-/*
- * For now we handle at most 16 double words as this is what the s390 base
- * kernel handles and stores in the prefix page. If we ever need to go beyond
- * this, this requires changes to code, but the external uapi can stay.
- */
-#define SIZE_INTERNAL 16
-
+#define HMFAI_DWORDS 16
 /*
  * Base feature mask that defines default mask for facilities. Consists of the
  * defines in FACILITIES_KVM and the non-hypervisor managed bits.
  */
-static unsigned long kvm_s390_fac_base[SIZE_INTERNAL] = { FACILITIES_KVM };
+static unsigned long kvm_s390_fac_base[HMFAI_DWORDS] = { FACILITIES_KVM };
+static_assert(ARRAY_SIZE(((long[]){ FACILITIES_KVM })) <= HMFAI_DWORDS);
+static_assert(ARRAY_SIZE(kvm_s390_fac_base) <= S390_ARCH_FAC_MASK_SIZE_U64);
+static_assert(ARRAY_SIZE(kvm_s390_fac_base) <= S390_ARCH_FAC_LIST_SIZE_U64);
+static_assert(ARRAY_SIZE(kvm_s390_fac_base) <= ARRAY_SIZE(stfle_fac_list));
+
 /*
  * Extended feature mask. Consists of the defines in FACILITIES_KVM_CPUMODEL
  * and defines the facilities that can be enabled via a cpu model.
  */
-static unsigned long kvm_s390_fac_ext[SIZE_INTERNAL] = { FACILITIES_KVM_CPUMODEL };
-
-static unsigned long kvm_s390_fac_size(void)
-{
-	BUILD_BUG_ON(SIZE_INTERNAL > S390_ARCH_FAC_MASK_SIZE_U64);
-	BUILD_BUG_ON(SIZE_INTERNAL > S390_ARCH_FAC_LIST_SIZE_U64);
-	BUILD_BUG_ON(SIZE_INTERNAL * sizeof(unsigned long) >
-		sizeof(stfle_fac_list));
-
-	return SIZE_INTERNAL;
-}
+static const unsigned long kvm_s390_fac_ext[] = { FACILITIES_KVM_CPUMODEL };
+static_assert(ARRAY_SIZE(kvm_s390_fac_ext) <= S390_ARCH_FAC_MASK_SIZE_U64);
+static_assert(ARRAY_SIZE(kvm_s390_fac_ext) <= S390_ARCH_FAC_LIST_SIZE_U64);
+static_assert(ARRAY_SIZE(kvm_s390_fac_ext) <= ARRAY_SIZE(stfle_fac_list));
 
 /* available cpu features supported by kvm */
 static DECLARE_BITMAP(kvm_s390_available_cpu_feat, KVM_S390_VM_CPU_FEAT_NR_BITS);
@@ -3347,13 +3339,16 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 	kvm->arch.sie_page2->kvm = kvm;
 	kvm->arch.model.fac_list = kvm->arch.sie_page2->fac_list;
 
-	for (i = 0; i < kvm_s390_fac_size(); i++) {
+	for (i = 0; i < ARRAY_SIZE(kvm_s390_fac_base); i++) {
 		kvm->arch.model.fac_mask[i] = stfle_fac_list[i] &
-					      (kvm_s390_fac_base[i] |
-					       kvm_s390_fac_ext[i]);
+					      kvm_s390_fac_base[i];
 		kvm->arch.model.fac_list[i] = stfle_fac_list[i] &
 					      kvm_s390_fac_base[i];
 	}
+	for (i = 0; i < ARRAY_SIZE(kvm_s390_fac_ext); i++) {
+		kvm->arch.model.fac_mask[i] |= stfle_fac_list[i] &
+					       kvm_s390_fac_ext[i];
+	}
 	kvm->arch.model.subfuncs = kvm_s390_available_subfunc;
 
 	/* we are always in czam mode - even on pre z14 machines */
@@ -5857,9 +5852,8 @@ static int __init kvm_s390_init(void)
 		return -EINVAL;
 	}
 
-	for (i = 0; i < 16; i++)
-		kvm_s390_fac_base[i] |=
-			stfle_fac_list[i] & nonhyp_mask(i);
+	for (i = 0; i < HMFAI_DWORDS; i++)
+		kvm_s390_fac_base[i] |= nonhyp_mask(i);
 
 	r = __kvm_s390_init();
 	if (r)
-- 
2.40.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH 2/2] KVM: s390: vsie: Use virt_to_phys for facility control block
  2024-03-19 16:44 [PATCH 0/2] KVM: s390: Fix V!=R bug in STFLE shadowing Nina Schoetterl-Glausch
  2024-03-19 16:44 ` [PATCH RESEND 1/2] KVM: s390: Minor refactor of base/ext facility lists Nina Schoetterl-Glausch
@ 2024-03-19 16:44 ` Nina Schoetterl-Glausch
  2024-03-20 11:35   ` David Hildenbrand
  1 sibling, 1 reply; 4+ messages in thread
From: Nina Schoetterl-Glausch @ 2024-03-19 16:44 UTC (permalink / raw)
  To: Alexander Gordeev, Claudio Imbrenda, Christian Borntraeger,
	Vasily Gorbik, Janosch Frank, Heiko Carstens
  Cc: Nina Schoetterl-Glausch, linux-kernel, Sven Schnelle, kvm,
	David Hildenbrand, linux-s390

In order for SIE to interpretively execute STFLE, it requires the real
or absolute address of a facility-list control block.
Before writing the location into the shadow SIE control block, convert
it from a virtual address.
We currently do not run into this bug because the lower 31 bits are the
same for virtual and physical addresses.

Signed-off-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
---
 arch/s390/kvm/vsie.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index 3af3bd20ac7b..da2819112e1d 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -12,6 +12,7 @@
 #include <linux/list.h>
 #include <linux/bitmap.h>
 #include <linux/sched/signal.h>
+#include <linux/io.h>
 
 #include <asm/gmap.h>
 #include <asm/mmu_context.h>
@@ -1006,7 +1007,7 @@ static int handle_stfle(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
 		if (read_guest_real(vcpu, fac, &vsie_page->fac,
 				    stfle_size() * sizeof(u64)))
 			return set_validity_icpt(scb_s, 0x1090U);
-		scb_s->fac = (__u32)(__u64) &vsie_page->fac;
+		scb_s->fac = (u32)virt_to_phys(&vsie_page->fac);
 	}
 	return 0;
 }
-- 
2.40.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] KVM: s390: vsie: Use virt_to_phys for facility control block
  2024-03-19 16:44 ` [PATCH 2/2] KVM: s390: vsie: Use virt_to_phys for facility control block Nina Schoetterl-Glausch
@ 2024-03-20 11:35   ` David Hildenbrand
  0 siblings, 0 replies; 4+ messages in thread
From: David Hildenbrand @ 2024-03-20 11:35 UTC (permalink / raw)
  To: Nina Schoetterl-Glausch, Alexander Gordeev, Claudio Imbrenda,
	Christian Borntraeger, Vasily Gorbik, Janosch Frank,
	Heiko Carstens
  Cc: linux-kernel, Sven Schnelle, kvm, linux-s390

On 19.03.24 17:44, Nina Schoetterl-Glausch wrote:
> In order for SIE to interpretively execute STFLE, it requires the real
> or absolute address of a facility-list control block.
> Before writing the location into the shadow SIE control block, convert
> it from a virtual address.
> We currently do not run into this bug because the lower 31 bits are the
> same for virtual and physical addresses.

So it's not a bug (yet) :)

But certainly the right thing to do and more future-proof.

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Cheers,

David / dhildenb


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-03-20 11:35 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-19 16:44 [PATCH 0/2] KVM: s390: Fix V!=R bug in STFLE shadowing Nina Schoetterl-Glausch
2024-03-19 16:44 ` [PATCH RESEND 1/2] KVM: s390: Minor refactor of base/ext facility lists Nina Schoetterl-Glausch
2024-03-19 16:44 ` [PATCH 2/2] KVM: s390: vsie: Use virt_to_phys for facility control block Nina Schoetterl-Glausch
2024-03-20 11:35   ` David Hildenbrand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox