| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Jul 2021 12:16:06 +0200
From: Cornelia Huck <cohuck@...hat.com>
To: David Hildenbrand <david@...hat.com>,
Pierre Morel <pmorel@...ux.ibm.com>, kvm@...r.kernel.org
Cc: linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
borntraeger@...ibm.com, frankja@...ux.ibm.com, thuth@...hat.com,
imbrenda@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com
Subject: Re: [PATCH v1 1/2] s390x: KVM: accept STSI for CPU topology
information
On Thu, Jul 15 2021, David Hildenbrand <david@...hat.com> wrote:
> On 15.07.21 11:30, Cornelia Huck wrote:
>> On Thu, Jul 15 2021, David Hildenbrand <david@...hat.com> wrote:
>>
>>> On 14.07.21 17:25, Pierre Morel wrote:
>>>> STSI(15.1.x) gives information on the CPU configuration topology.
>>>> Let's accept the interception of STSI with the function code 15 and
>>>> let the userland part of the hypervisor handle it.
>>>>
>>>> Signed-off-by: Pierre Morel <pmorel@...ux.ibm.com>
>>>> ---
>>>> arch/s390/kvm/priv.c | 11 ++++++++++-
>>>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
>>>> index 9928f785c677..4ab5f8b7780e 100644
>>>> --- a/arch/s390/kvm/priv.c
>>>> +++ b/arch/s390/kvm/priv.c
>>>> @@ -856,7 +856,7 @@ static int handle_stsi(struct kvm_vcpu *vcpu)
>>>> if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
>>>> return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
>>>>
>>>> - if (fc > 3) {
>>>> + if (fc > 3 && fc != 15) {
>>>> kvm_s390_set_psw_cc(vcpu, 3);
>>>> return 0;
>>>> }
>>>> @@ -893,6 +893,15 @@ static int handle_stsi(struct kvm_vcpu *vcpu)
>>>> goto out_no_data;
>>>> handle_stsi_3_2_2(vcpu, (void *) mem);
>>>> break;
>>>> + case 15:
>>>> + if (sel1 != 1 || sel2 < 2 || sel2 > 6)
>>>> + goto out_no_data;
>>>> + if (vcpu->kvm->arch.user_stsi) {
>>>> + insert_stsi_usr_data(vcpu, operand2, ar, fc, sel1, sel2);
>>>> + return -EREMOTE;
>>
>> This bypasses the trace event further down.
>>
>>>> + }
>>>> + kvm_s390_set_psw_cc(vcpu, 3);
>>>> + return 0;
>>>> }
>>>> if (kvm_s390_pv_cpu_is_protected(vcpu)) {
>>>> memcpy((void *)sida_origin(vcpu->arch.sie_block), (void *)mem,
>>> 3. User space awareness
>>>
>>> How can user space identify that we actually forward these intercepts?
>>> How can it enable them? The old KVM_CAP_S390_USER_STSI capability
>>> is not sufficient.
>>
>> Why do you think that it is not sufficient? USER_STSI basically says
>> "you may get an exit that tells you about a buffer to fill in some more
>> data for a stsi command, and we also tell you which call". If userspace
>> does not know what to add for a certain call, it is free to just do
>> nothing, and if it does not get some calls it would support, that should
>> not be a problem, either?
>
> If you migrate your VM from machine a to machine b, from kernel a to
> kernel b, and kernel b does not trigger exits to user space for fc=15,
> how could QEMU spot and catch the different capabilities to make sure
> the guest can continue using the feature?
Wouldn't that imply that the USER_STSI feature, in the function-agnostic
way it is documented, was broken from the start?
Hm. Maybe we need some kind of facility where userspace can query the
kernel and gets a list of the stsi subcodes it may get exits for, and
possibly fail to start the migration. Having a new capability to be
enabled for every new subcode feels like overkill. I don't think we can
pass a payload ("enable these subfunctions") to a cap.
Or can we tie a subcode to another feature, like the mystery cap that
was mentioned in the description, but does not seem to appear in the
code?
Powered by blists - more mailing lists