lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6df8a43f-ddba-75ef-0aa7-f873bb8e0032@redhat.com>
Date:   Thu, 15 Jul 2021 12:19:05 +0200
From:   David Hildenbrand <david@...hat.com>
To:     Cornelia Huck <cohuck@...hat.com>,
        Pierre Morel <pmorel@...ux.ibm.com>, kvm@...r.kernel.org
Cc:     linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        borntraeger@...ibm.com, frankja@...ux.ibm.com, thuth@...hat.com,
        imbrenda@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com
Subject: Re: [PATCH v1 1/2] s390x: KVM: accept STSI for CPU topology
 information

On 15.07.21 12:16, Cornelia Huck wrote:
> On Thu, Jul 15 2021, David Hildenbrand <david@...hat.com> wrote:
> 
>> On 15.07.21 11:30, Cornelia Huck wrote:
>>> On Thu, Jul 15 2021, David Hildenbrand <david@...hat.com> wrote:
>>>
>>>> On 14.07.21 17:25, Pierre Morel wrote:
>>>>> STSI(15.1.x) gives information on the CPU configuration topology.
>>>>> Let's accept the interception of STSI with the function code 15 and
>>>>> let the userland part of the hypervisor handle it.
>>>>>
>>>>> Signed-off-by: Pierre Morel <pmorel@...ux.ibm.com>
>>>>> ---
>>>>>     arch/s390/kvm/priv.c | 11 ++++++++++-
>>>>>     1 file changed, 10 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
>>>>> index 9928f785c677..4ab5f8b7780e 100644
>>>>> --- a/arch/s390/kvm/priv.c
>>>>> +++ b/arch/s390/kvm/priv.c
>>>>> @@ -856,7 +856,7 @@ static int handle_stsi(struct kvm_vcpu *vcpu)
>>>>>     	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
>>>>>     		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
>>>>>     
>>>>> -	if (fc > 3) {
>>>>> +	if (fc > 3 && fc != 15) {
>>>>>     		kvm_s390_set_psw_cc(vcpu, 3);
>>>>>     		return 0;
>>>>>     	}
>>>>> @@ -893,6 +893,15 @@ static int handle_stsi(struct kvm_vcpu *vcpu)
>>>>>     			goto out_no_data;
>>>>>     		handle_stsi_3_2_2(vcpu, (void *) mem);
>>>>>     		break;
>>>>> +	case 15:
>>>>> +		if (sel1 != 1 || sel2 < 2 || sel2 > 6)
>>>>> +			goto out_no_data;
>>>>> +		if (vcpu->kvm->arch.user_stsi) {
>>>>> +			insert_stsi_usr_data(vcpu, operand2, ar, fc, sel1, sel2);
>>>>> +			return -EREMOTE;
>>>
>>> This bypasses the trace event further down.
>>>
>>>>> +		}
>>>>> +		kvm_s390_set_psw_cc(vcpu, 3);
>>>>> +		return 0;
>>>>>     	}
>>>>>     	if (kvm_s390_pv_cpu_is_protected(vcpu)) {
>>>>>     		memcpy((void *)sida_origin(vcpu->arch.sie_block), (void *)mem,
>>>> 3. User space awareness
>>>>
>>>> How can user space identify that we actually forward these intercepts?
>>>> How can it enable them? The old KVM_CAP_S390_USER_STSI capability
>>>> is not sufficient.
>>>
>>> Why do you think that it is not sufficient? USER_STSI basically says
>>> "you may get an exit that tells you about a buffer to fill in some more
>>> data for a stsi command, and we also tell you which call". If userspace
>>> does not know what to add for a certain call, it is free to just do
>>> nothing, and if it does not get some calls it would support, that should
>>> not be a problem, either?
>>
>> If you migrate your VM from machine a to machine b, from kernel a to
>> kernel b, and kernel b does not trigger exits to user space for fc=15,
>> how could QEMU spot and catch the different capabilities to make sure
>> the guest can continue using the feature?
> 
> Wouldn't that imply that the USER_STSI feature, in the function-agnostic
> way it is documented, was broken from the start?

Likely. We should have forwarded everything to user space most probably 
and not try being smart in the kernel.

> 
> Hm. Maybe we need some kind of facility where userspace can query the
> kernel and gets a list of the stsi subcodes it may get exits for, and
> possibly fail to start the migration. Having a new capability to be
> enabled for every new subcode feels like overkill. I don't think we can
> pass a payload ("enable these subfunctions") to a cap.

Maybe a new capability that forwards everything to user space when 
enabled, and lets user space handle errors.

Or a specialized one only to unlock fc=15.

-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ