[GIT PULL 0/4] KVM: s390: Guarded storage fixup and keyless subset mode (kvm/next)

[GIT PULL 0/4] KVM: s390: Guarded storage fixup and keyless subset mode (kvm/next)

[Christian Borntraeger]

Paolo, Radim,

here are 4 patches for s390 for 4.12 via kvm/next.
2 things
- 2 fixups for guarded storage
- detect and implement the keyless subset mode
- there is one s390 sclp patch as a pre-req. It does not cause any
  conflict with todays linux-next and is acked by Martin

please pull into kvm/next

The following changes since commit f7b1a77d3bfbdc7e91a1e48e0a3dc10e7d890e04:

  Merge tag 'kvm-s390-next-4.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux (2017-04-11 20:54:40 +0200)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git  tags/kvm-s390-next-4.12-2

for you to fetch changes up to 730cd632c4e485b90f97fe998e300045da094938:

  KVM: s390: Support keyless subset guest mode (2017-04-21 11:08:11 +0200)

----------------------------------------------------------------
KVM: s390: Guarded storage fixup and keyless subset mode

- detect and use the keyless subset mode (guests without
  storage keys)
- fix vSIE support for sdnxc
- fix machine check data for guarded storage

----------------------------------------------------------------
Christian Borntraeger (2):
      KVM: s390: Fix sdnxo setting for nested guests
      KVM: s390: fix stale machine check data for guarded storage

Farhan Ali (2):
      s390/sclp: Detect KSS facility
      KVM: s390: Support keyless subset guest mode

 arch/s390/include/asm/kvm_host.h |  2 ++
 arch/s390/include/asm/sclp.h     |  1 +
 arch/s390/include/uapi/asm/kvm.h |  1 +
 arch/s390/kvm/intercept.c        |  3 +++
 arch/s390/kvm/interrupt.c        |  2 ++
 arch/s390/kvm/kvm-s390.c         |  8 +++++++-
 arch/s390/kvm/kvm-s390.h         |  1 +
 arch/s390/kvm/priv.c             | 19 +++++++++++++------
 arch/s390/kvm/vsie.c             |  8 ++++++--
 drivers/s390/char/sclp_early.c   |  4 +++-
 10 files changed, 39 insertions(+), 10 deletions(-)

[GIT PULL 1/4] KVM: s390: Fix sdnxo setting for nested guests

[Christian Borntraeger]

If the guest does not use the host register management, but it uses
the sdnx area, we must fill in a proper sdnxo value (address of sdnx
and the sdnxc).

Reported-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 arch/s390/kvm/vsie.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index 2fafc2b..025b1f2 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -627,7 +627,7 @@ static int pin_blocks(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
 			rc = set_validity_icpt(scb_s, 0x10b0U);
 		if (rc)
 			goto unpin;
-		scb_s->sdnxo = hpa;
+		scb_s->sdnxo = hpa | sdnxc;
 	}
 	return 0;
 unpin:
-- 
2.7.4

[GIT PULL 2/4] KVM: s390: fix stale machine check data for guarded storage

[Christian Borntraeger]

When delivering a machine check the CPU state is "loaded", which
means that some registers are already in the host registers.
Before writing the register content into the machine check
save area, we must make sure that we save the content of the
registers into the data structures that are used for delivering
the machine check.
We already do the right thing for access, vector/floating point
registers, let's do the same for guarded storage.

Fixes: 4e0b1ab72b8a ("KVM: s390: gs support for kvm guests")
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 arch/s390/kvm/interrupt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index 482673e..caf15c8a 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -419,6 +419,8 @@ static int __write_machine_check(struct kvm_vcpu *vcpu,
 	/* take care of lazy register loading */
 	save_fpu_regs();
 	save_access_regs(vcpu->run->s.regs.acrs);
+	if (MACHINE_HAS_GS && vcpu->arch.gs_enabled)
+		save_gs_cb(current->thread.gs_cb);
 
 	/* Extended save area */
 	rc = read_guest_lc(vcpu, __LC_MCESAD, &ext_sa_addr,
-- 
2.7.4

[GIT PULL 3/4] s390/sclp: Detect KSS facility

[Christian Borntraeger]

From: Farhan Ali <alifm@linux.vnet.ibm.com>

Let's detect the keyless subset facility.

Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/include/asm/sclp.h   | 1 +
 drivers/s390/char/sclp_early.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/s390/include/asm/sclp.h b/arch/s390/include/asm/sclp.h
index ace3bd3..6f5167b 100644
--- a/arch/s390/include/asm/sclp.h
+++ b/arch/s390/include/asm/sclp.h
@@ -75,6 +75,7 @@ struct sclp_info {
 	unsigned char has_pfmfi : 1;
 	unsigned char has_ibs : 1;
 	unsigned char has_skey : 1;
+	unsigned char has_kss : 1;
 	unsigned int ibc;
 	unsigned int mtid;
 	unsigned int mtid_cp;
diff --git a/drivers/s390/char/sclp_early.c b/drivers/s390/char/sclp_early.c
index 519ec17..efd84d1 100644
--- a/drivers/s390/char/sclp_early.c
+++ b/drivers/s390/char/sclp_early.c
@@ -40,7 +40,8 @@ struct read_info_sccb {
 	u8	fac85;			/* 85 */
 	u8	_pad_86[91 - 86];	/* 86-90 */
 	u8	flags;			/* 91 */
-	u8	_pad_92[99 - 92];	/* 92-98 */
+	u8	_pad_92[98 - 92];	/* 92-97 */
+	u8	fac98;			/* 98 */
 	u8	hamaxpow;		/* 99 */
 	u32	rnsize2;		/* 100-103 */
 	u64	rnmax2;			/* 104-111 */
@@ -99,6 +100,7 @@ static void __init sclp_early_facilities_detect(struct read_info_sccb *sccb)
 	sclp.has_pfmfi = !!(sccb->fac117 & 0x40);
 	sclp.has_ibs = !!(sccb->fac117 & 0x20);
 	sclp.has_hvs = !!(sccb->fac119 & 0x80);
+	sclp.has_kss = !!(sccb->fac98 & 0x01);
 	if (sccb->fac85 & 0x02)
 		S390_lowcore.machine_flags |= MACHINE_FLAG_ESOP;
 	sclp.rnmax = sccb->rnmax ? sccb->rnmax : sccb->rnmax2;
-- 
2.7.4

[GIT PULL 4/4] KVM: s390: Support keyless subset guest mode

[Christian Borntraeger]

From: Farhan Ali <alifm@linux.vnet.ibm.com>

If the KSS facility is available on the machine, we also make it
available for our KVM guests.

The KSS facility bypasses storage key management as long as the guest
does not issue a related instruction. When that happens, the control is
returned to the host, which has to turn off KSS for a guest vcpu
before retrying the instruction.

Signed-off-by: Corey S. McQuay <csmcquay@linux.vnet.ibm.com>
Signed-off-by: Farhan Ali <alifm@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/include/asm/kvm_host.h |  2 ++
 arch/s390/include/uapi/asm/kvm.h |  1 +
 arch/s390/kvm/intercept.c        |  3 +++
 arch/s390/kvm/kvm-s390.c         |  8 +++++++-
 arch/s390/kvm/kvm-s390.h         |  1 +
 arch/s390/kvm/priv.c             | 19 +++++++++++++------
 arch/s390/kvm/vsie.c             |  6 +++++-
 7 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h
index 552c319..426614a 100644
--- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h
@@ -122,6 +122,7 @@ struct esca_block {
 #define CPUSTAT_SLSR       0x00002000
 #define CPUSTAT_ZARCH      0x00000800
 #define CPUSTAT_MCDS       0x00000100
+#define CPUSTAT_KSS        0x00000200
 #define CPUSTAT_SM         0x00000080
 #define CPUSTAT_IBS        0x00000040
 #define CPUSTAT_GED2       0x00000010
@@ -185,6 +186,7 @@ struct kvm_s390_sie_block {
 #define ICPT_OPEREXC	0x2C
 #define ICPT_PARTEXEC	0x38
 #define ICPT_IOINST	0x40
+#define ICPT_KSS	0x5c
 	__u8	icptcode;		/* 0x0050 */
 	__u8	icptstatus;		/* 0x0051 */
 	__u16	ihcpu;			/* 0x0052 */
diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h
index 2c9ad25..bf92679 100644
--- a/arch/s390/include/uapi/asm/kvm.h
+++ b/arch/s390/include/uapi/asm/kvm.h
@@ -119,6 +119,7 @@ struct kvm_s390_vm_cpu_machine {
 #define KVM_S390_VM_CPU_FEAT_CMMA	10
 #define KVM_S390_VM_CPU_FEAT_PFMFI	11
 #define KVM_S390_VM_CPU_FEAT_SIGPIF	12
+#define KVM_S390_VM_CPU_FEAT_KSS	13
 struct kvm_s390_vm_cpu_feat {
 	__u64 feat[16];
 };
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index f5378f3..a4752bf 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -426,6 +426,9 @@ int kvm_handle_sie_intercept(struct kvm_vcpu *vcpu)
 	case ICPT_PARTEXEC:
 		rc = handle_partial_execution(vcpu);
 		break;
+	case ICPT_KSS:
+		rc = kvm_s390_skey_check_enable(vcpu);
+		break;
 	default:
 		return -EOPNOTSUPP;
 	}
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 11b7d66..8771fef 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -300,6 +300,8 @@ static void kvm_s390_cpu_feat_init(void)
 		allow_cpu_feat(KVM_S390_VM_CPU_FEAT_CEI);
 	if (sclp.has_ibs)
 		allow_cpu_feat(KVM_S390_VM_CPU_FEAT_IBS);
+	if (sclp.has_kss)
+		allow_cpu_feat(KVM_S390_VM_CPU_FEAT_KSS);
 	/*
 	 * KVM_S390_VM_CPU_FEAT_SKEY: Wrong shadow of PTE.I bits will make
 	 * all skey handling functions read/set the skey from the PGSTE
@@ -2034,7 +2036,11 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
 	vcpu->arch.sie_block->sdnxo = ((unsigned long) &vcpu->run->s.regs.sdnx)
 					| SDNXC;
 	vcpu->arch.sie_block->riccbd = (unsigned long) &vcpu->run->s.regs.riccb;
-	vcpu->arch.sie_block->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
+
+	if (sclp.has_kss)
+		atomic_or(CPUSTAT_KSS, &vcpu->arch.sie_block->cpuflags);
+	else
+		vcpu->arch.sie_block->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
 
 	if (vcpu->kvm->arch.use_cmma) {
 		rc = kvm_s390_vcpu_setup_cmma(vcpu);
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 455124f..55f5c84 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -254,6 +254,7 @@ int kvm_s390_handle_lpsw(struct kvm_vcpu *vcpu);
 int kvm_s390_handle_stctl(struct kvm_vcpu *vcpu);
 int kvm_s390_handle_lctl(struct kvm_vcpu *vcpu);
 int kvm_s390_handle_eb(struct kvm_vcpu *vcpu);
+int kvm_s390_skey_check_enable(struct kvm_vcpu *vcpu);
 
 /* implemented in vsie.c */
 int kvm_s390_handle_vsie(struct kvm_vcpu *vcpu);
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 0ffe973..c03106c 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -198,18 +198,25 @@ static int handle_store_cpu_address(struct kvm_vcpu *vcpu)
 	return 0;
 }
 
-static int __skey_check_enable(struct kvm_vcpu *vcpu)
+int kvm_s390_skey_check_enable(struct kvm_vcpu *vcpu)
 {
 	int rc = 0;
+	struct kvm_s390_sie_block *sie_block = vcpu->arch.sie_block;
 
 	trace_kvm_s390_skey_related_inst(vcpu);
-	if (!(vcpu->arch.sie_block->ictl & (ICTL_ISKE | ICTL_SSKE | ICTL_RRBE)))
+	if (!(sie_block->ictl & (ICTL_ISKE | ICTL_SSKE | ICTL_RRBE)) &&
+	    !(atomic_read(&sie_block->cpuflags) & CPUSTAT_KSS))
 		return rc;
 
 	rc = s390_enable_skey();
 	VCPU_EVENT(vcpu, 3, "enabling storage keys for guest: %d", rc);
-	if (!rc)
-		vcpu->arch.sie_block->ictl &= ~(ICTL_ISKE | ICTL_SSKE | ICTL_RRBE);
+	if (!rc) {
+		if (atomic_read(&sie_block->cpuflags) & CPUSTAT_KSS)
+			atomic_andnot(CPUSTAT_KSS, &sie_block->cpuflags);
+		else
+			sie_block->ictl &= ~(ICTL_ISKE | ICTL_SSKE |
+					     ICTL_RRBE);
+	}
 	return rc;
 }
 
@@ -218,7 +225,7 @@ static int try_handle_skey(struct kvm_vcpu *vcpu)
 	int rc;
 
 	vcpu->stat.instruction_storage_key++;
-	rc = __skey_check_enable(vcpu);
+	rc = kvm_s390_skey_check_enable(vcpu);
 	if (rc)
 		return rc;
 	if (sclp.has_skey) {
@@ -916,7 +923,7 @@ static int handle_pfmf(struct kvm_vcpu *vcpu)
 		}
 
 		if (vcpu->run->s.regs.gprs[reg1] & PFMF_SK) {
-			int rc = __skey_check_enable(vcpu);
+			int rc = kvm_s390_skey_check_enable(vcpu);
 
 			if (rc)
 				return rc;
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index 025b1f2..4719ecb 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -117,6 +117,8 @@ static int prepare_cpuflags(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
 		newflags |= cpuflags & CPUSTAT_SM;
 	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_IBS))
 		newflags |= cpuflags & CPUSTAT_IBS;
+	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_KSS))
+		newflags |= cpuflags & CPUSTAT_KSS;
 
 	atomic_set(&scb_s->cpuflags, newflags);
 	return 0;
@@ -289,7 +291,9 @@ static int shadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
 	 * bits. Therefore we cannot provide interpretation and would later
 	 * have to provide own emulation handlers.
 	 */
-	scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
+	if (!(atomic_read(&scb_s->cpuflags) & CPUSTAT_KSS))
+		scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
+
 	scb_s->icpua = scb_o->icpua;
 
 	if (!(atomic_read(&scb_s->cpuflags) & CPUSTAT_SM))
-- 
2.7.4

Re: [GIT PULL 0/4] KVM: s390: Guarded storage fixup and keyless subset mode (kvm/next)

[Paolo Bonzini]

On 21/04/2017 12:09, Christian Borntraeger wrote:
> Paolo, Radim,
> 
> here are 4 patches for s390 for 4.12 via kvm/next.
> 2 things
> - 2 fixups for guarded storage
> - detect and implement the keyless subset mode
> - there is one s390 sclp patch as a pre-req. It does not cause any
>   conflict with todays linux-next and is acked by Martin
> 
> please pull into kvm/next
> 
> The following changes since commit f7b1a77d3bfbdc7e91a1e48e0a3dc10e7d890e04:
> 
>   Merge tag 'kvm-s390-next-4.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux (2017-04-11 20:54:40 +0200)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git  tags/kvm-s390-next-4.12-2
> 
> for you to fetch changes up to 730cd632c4e485b90f97fe998e300045da094938:
> 
>   KVM: s390: Support keyless subset guest mode (2017-04-21 11:08:11 +0200)
> 
> ----------------------------------------------------------------
> KVM: s390: Guarded storage fixup and keyless subset mode
> 
> - detect and use the keyless subset mode (guests without
>   storage keys)
> - fix vSIE support for sdnxc
> - fix machine check data for guarded storage
> 
> ----------------------------------------------------------------
> Christian Borntraeger (2):
>       KVM: s390: Fix sdnxo setting for nested guests
>       KVM: s390: fix stale machine check data for guarded storage
> 
> Farhan Ali (2):
>       s390/sclp: Detect KSS facility
>       KVM: s390: Support keyless subset guest mode
> 
>  arch/s390/include/asm/kvm_host.h |  2 ++
>  arch/s390/include/asm/sclp.h     |  1 +
>  arch/s390/include/uapi/asm/kvm.h |  1 +
>  arch/s390/kvm/intercept.c        |  3 +++
>  arch/s390/kvm/interrupt.c        |  2 ++
>  arch/s390/kvm/kvm-s390.c         |  8 +++++++-
>  arch/s390/kvm/kvm-s390.h         |  1 +
>  arch/s390/kvm/priv.c             | 19 +++++++++++++------
>  arch/s390/kvm/vsie.c             |  8 ++++++--
>  drivers/s390/char/sclp_early.c   |  4 +++-
>  10 files changed, 39 insertions(+), 10 deletions(-)
> 
> 

Pulled, thanks.

Paolo

Re: [GIT PULL 4/4] KVM: s390: Support keyless subset guest mode

[David Hildenbrand]

> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
> index 025b1f2..4719ecb 100644
> --- a/arch/s390/kvm/vsie.c
> +++ b/arch/s390/kvm/vsie.c
> @@ -117,6 +117,8 @@ static int prepare_cpuflags(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>  		newflags |= cpuflags & CPUSTAT_SM;
>  	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_IBS))
>  		newflags |= cpuflags & CPUSTAT_IBS;
> +	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_KSS))
> +		newflags |= cpuflags & CPUSTAT_KSS;
>  
>  	atomic_set(&scb_s->cpuflags, newflags);
>  	return 0;
> @@ -289,7 +291,9 @@ static int shadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>  	 * bits. Therefore we cannot provide interpretation and would later
>  	 * have to provide own emulation handlers.
>  	 */
> -	scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
> +	if (!(atomic_read(&scb_s->cpuflags) & CPUSTAT_KSS))
> +		scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
> +
What would actually happen, if ICTL_ISKE | ICTL_SSKE | ICTL_RRBE remain
set? I assume KSS will dominate? Or are there any validity interceptions
defined for this?

-- 

Thanks,

David

Re: [GIT PULL 4/4] KVM: s390: Support keyless subset guest mode

[Christian Borntraeger]

On 04/21/2017 02:15 PM, David Hildenbrand wrote:
> 
>> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
>> index 025b1f2..4719ecb 100644
>> --- a/arch/s390/kvm/vsie.c
>> +++ b/arch/s390/kvm/vsie.c
>> @@ -117,6 +117,8 @@ static int prepare_cpuflags(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>>  		newflags |= cpuflags & CPUSTAT_SM;
>>  	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_IBS))
>>  		newflags |= cpuflags & CPUSTAT_IBS;
>> +	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_KSS))
>> +		newflags |= cpuflags & CPUSTAT_KSS;
>>  
>>  	atomic_set(&scb_s->cpuflags, newflags);
>>  	return 0;
>> @@ -289,7 +291,9 @@ static int shadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>>  	 * bits. Therefore we cannot provide interpretation and would later
>>  	 * have to provide own emulation handlers.
>>  	 */
>> -	scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
>> +	if (!(atomic_read(&scb_s->cpuflags) & CPUSTAT_KSS))
>> +		scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
>> +
> What would actually happen, if ICTL_ISKE | ICTL_SSKE | ICTL_RRBE remain
> set? I assume KSS will dominate? Or are there any validity interceptions
> defined for this?

While having the same priority, the ICTL would win in this case, which
is not what we want. We would need to check for keyless in our 
storage key emulation and reinject a keyless intercept. 

By not enabling the ICTL if the nested guest runs keyless we can simply
forward the keyless intercept.

Re: [GIT PULL 4/4] KVM: s390: Support keyless subset guest mode

[David Hildenbrand]

On 21.04.2017 14:23, Christian Borntraeger wrote:
> On 04/21/2017 02:15 PM, David Hildenbrand wrote:
>>
>>> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
>>> index 025b1f2..4719ecb 100644
>>> --- a/arch/s390/kvm/vsie.c
>>> +++ b/arch/s390/kvm/vsie.c
>>> @@ -117,6 +117,8 @@ static int prepare_cpuflags(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>>>  		newflags |= cpuflags & CPUSTAT_SM;
>>>  	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_IBS))
>>>  		newflags |= cpuflags & CPUSTAT_IBS;
>>> +	if (test_kvm_cpu_feat(vcpu->kvm, KVM_S390_VM_CPU_FEAT_KSS))
>>> +		newflags |= cpuflags & CPUSTAT_KSS;
>>>  
>>>  	atomic_set(&scb_s->cpuflags, newflags);
>>>  	return 0;
>>> @@ -289,7 +291,9 @@ static int shadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
>>>  	 * bits. Therefore we cannot provide interpretation and would later
>>>  	 * have to provide own emulation handlers.
>>>  	 */
>>> -	scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
>>> +	if (!(atomic_read(&scb_s->cpuflags) & CPUSTAT_KSS))
>>> +		scb_s->ictl |= ICTL_ISKE | ICTL_SSKE | ICTL_RRBE;
>>> +
>> What would actually happen, if ICTL_ISKE | ICTL_SSKE | ICTL_RRBE remain
>> set? I assume KSS will dominate? Or are there any validity interceptions
>> defined for this?
> 
> While having the same priority, the ICTL would win in this case, which
> is not what we want. We would need to check for keyless in our 
> storage key emulation and reinject a keyless intercept. 
> 
> By not enabling the ICTL if the nested guest runs keyless we can simply
> forward the keyless intercept.
> 

Thanks! Sounds and looks good to me :)

-- 

Thanks,

David