ACK: [SRU][F][J][PATCH 0/3] Include patches to avoid self-detected stall with Secure Execution (LP: 1979296)

Tim Gardner tim.gardner at canonical.com
Wed Jun 22 12:44:41 UTC 2022 

On 6/21/22 13:36, frank.heimes at canonical.com wrote:
> BugLink: https://bugs.launchpad.net/bugs/1979296
> 
> SRU Justification:
> 
> [Impact]
> 
>   * On IBM Z secure execution environments under heavy load
>     (means with over-committed resources - KVM guests)
>     rcu_sched self-detected stalls can occur,
>     which lead to LPAR crashes.
> 
> [Fix]
> 
>   * 57c5df13eca4 57c5df13eca4017ed28f9375dc1d246ec0f54217 "KVM: s390: pv: add macros for UVC CC values"
> 
>   * 1e2aa46de526 1e2aa46de526a5adafe580bca4c25856bb06f09e "KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm"
> 
>   * f0a1a0615a6f f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 "KVM: s390: pv: avoid stalls when making pages secure"
> 
> [Test Plan]
> 
>   * An IBM z15 or LinuxONE III LPAR with FC 115 (secure execution)
>     enabled is required.
> 
>   * Installation of Ubuntu Server 20.04 LTS (18.04 with hwe-5.4)
>     or 22.04 LTS on top.
> 
>   * Install a kernel that incl. the above two patches/commits
> 
>   * Bring the system under high load with KVM guests.
> 
>   * Monitor dmesg for 'rcu_sched self-detected stalls'
>     and/or look for crashes.
> 
>   * Due to hardware requirements this test needs to be conducted by IBM.
> 
> [Where problems could occur]
> 
>   * The definition from 57c5df13eca4 are missing in both jammy
>     and focal, but shouldn't harm.
> 
>   * The change in 1e2aa46de526 only uses uv_call_sched instead
>     of just uv_call, which should lead to a snappier system
>     under high load, but may consume overall some more cycles.
> 
>   * With f0a1a0615a6f the uv_call_sched cannot simply replace
>     uv_call, due to locks being held.
> 
>   * Instead __uv_call is replacing uv_call, which does not loop.
> 
>   * But due to these changes of the (uv) calls,
>     - in case erroneous - they may lead to wrong states,
>     and even broken ultravisor calls
>     and with that broken secure execution (SE).
> 
>   * As a side effect the uv might no longer loop over all pages,
>     and in worst case leaving some unprotected.
> 
>   * All this is s390x-only functionality,
>     that is only available on IBM z15 / LinuxONE III systems and newer,
>     and only is the optional feature 'FC 115' in place,
>     which is limited to 'secure-execution' workloads.
> 
> [Other Info]
> 
>   * Patches are upstream accepted with kernel 5.16.
> 
>   * Commit 1e2aa46de526 is already included in jammy
>     but 57c5df13eca4 and f0a1a0615a6f are missing.
> 
>   * Focal requires all 3 commits 57c5df13eca4, 1e2aa46de526 and f0a1a0615a6f.
> 
>   * Since impish is very close to it's EOL, it's not covered by this SRU.
> 
> Claudio Imbrenda (3):
>    KVM: s390: pv: add macros for UVC CC values
>    KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
>    KVM: s390: pv: avoid stalls when making pages secure
> 
>   arch/s390/include/asm/uv.h |  5 +++++
>   arch/s390/kernel/uv.c      | 29 +++++++++++++++++++++++------
>   arch/s390/kvm/intercept.c  |  5 +++++
>   arch/s390/kvm/pv.c         |  2 +-
>   4 files changed, 34 insertions(+), 7 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

-- 
-----------
Tim Gardner
Canonical, Inc

More information about the kernel-team mailing list