ACK: [SRU][F][J][PATCH 0/3] Include patches to avoid self-detected stall with Secure Execution (LP: 1979296)

Bartlomiej Zolnierkiewicz bartlomiej.zolnierkiewicz at canonical.com
Wed Jun 22 11:49:00 UTC 2022


Acked-by: Bartlomiej Zolnierkiewicz <bartlomiej.zolnierkiewicz at canonical.com>

On Tue, Jun 21, 2022 at 9:37 PM <frank.heimes at canonical.com> wrote:
>
> BugLink: https://bugs.launchpad.net/bugs/1979296
>
> SRU Justification:
>
> [Impact]
>
>  * On IBM Z secure execution environments under heavy load
>    (means with over-committed resources - KVM guests)
>    rcu_sched self-detected stalls can occur,
>    which lead to LPAR crashes.
>
> [Fix]
>
>  * 57c5df13eca4 57c5df13eca4017ed28f9375dc1d246ec0f54217 "KVM: s390: pv: add macros for UVC CC values"
>
>  * 1e2aa46de526 1e2aa46de526a5adafe580bca4c25856bb06f09e "KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm"
>
>  * f0a1a0615a6f f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 "KVM: s390: pv: avoid stalls when making pages secure"
>
> [Test Plan]
>
>  * An IBM z15 or LinuxONE III LPAR with FC 115 (secure execution)
>    enabled is required.
>
>  * Installation of Ubuntu Server 20.04 LTS (18.04 with hwe-5.4)
>    or 22.04 LTS on top.
>
>  * Install a kernel that incl. the above two patches/commits
>
>  * Bring the system under high load with KVM guests.
>
>  * Monitor dmesg for 'rcu_sched self-detected stalls'
>    and/or look for crashes.
>
>  * Due to hardware requirements this test needs to be conducted by IBM.
>
> [Where problems could occur]
>
>  * The definition from 57c5df13eca4 are missing in both jammy
>    and focal, but shouldn't harm.
>
>  * The change in 1e2aa46de526 only uses uv_call_sched instead
>    of just uv_call, which should lead to a snappier system
>    under high load, but may consume overall some more cycles.
>
>  * With f0a1a0615a6f the uv_call_sched cannot simply replace
>    uv_call, due to locks being held.
>
>  * Instead __uv_call is replacing uv_call, which does not loop.
>
>  * But due to these changes of the (uv) calls,
>    - in case erroneous - they may lead to wrong states,
>    and even broken ultravisor calls
>    and with that broken secure execution (SE).
>
>  * As a side effect the uv might no longer loop over all pages,
>    and in worst case leaving some unprotected.
>
>  * All this is s390x-only functionality,
>    that is only available on IBM z15 / LinuxONE III systems and newer,
>    and only is the optional feature 'FC 115' in place,
>    which is limited to 'secure-execution' workloads.
>
> [Other Info]
>
>  * Patches are upstream accepted with kernel 5.16.
>
>  * Commit 1e2aa46de526 is already included in jammy
>    but 57c5df13eca4 and f0a1a0615a6f are missing.
>
>  * Focal requires all 3 commits 57c5df13eca4, 1e2aa46de526 and f0a1a0615a6f.
>
>  * Since impish is very close to it's EOL, it's not covered by this SRU.
>
> Claudio Imbrenda (3):
>   KVM: s390: pv: add macros for UVC CC values
>   KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
>   KVM: s390: pv: avoid stalls when making pages secure
>
>  arch/s390/include/asm/uv.h |  5 +++++
>  arch/s390/kernel/uv.c      | 29 +++++++++++++++++++++++------
>  arch/s390/kvm/intercept.c  |  5 +++++
>  arch/s390/kvm/pv.c         |  2 +-
>  4 files changed, 34 insertions(+), 7 deletions(-)
>
> --
> 2.25.1



More information about the kernel-team mailing list