ACK: [SRU][F][J][PATCH 0/3] Include patches to avoid self-detected stall with Secure Execution (LP: 1979296)
Tim Gardner
tim.gardner at canonical.com
Wed Jun 22 12:44:41 UTC 2022
On 6/21/22 13:36, frank.heimes at canonical.com wrote:
> BugLink: https://bugs.launchpad.net/bugs/1979296
>
> SRU Justification:
>
> [Impact]
>
> * On IBM Z secure execution environments under heavy load
> (means with over-committed resources - KVM guests)
> rcu_sched self-detected stalls can occur,
> which lead to LPAR crashes.
>
> [Fix]
>
> * 57c5df13eca4 57c5df13eca4017ed28f9375dc1d246ec0f54217 "KVM: s390: pv: add macros for UVC CC values"
>
> * 1e2aa46de526 1e2aa46de526a5adafe580bca4c25856bb06f09e "KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm"
>
> * f0a1a0615a6f f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 "KVM: s390: pv: avoid stalls when making pages secure"
>
> [Test Plan]
>
> * An IBM z15 or LinuxONE III LPAR with FC 115 (secure execution)
> enabled is required.
>
> * Installation of Ubuntu Server 20.04 LTS (18.04 with hwe-5.4)
> or 22.04 LTS on top.
>
> * Install a kernel that incl. the above two patches/commits
>
> * Bring the system under high load with KVM guests.
>
> * Monitor dmesg for 'rcu_sched self-detected stalls'
> and/or look for crashes.
>
> * Due to hardware requirements this test needs to be conducted by IBM.
>
> [Where problems could occur]
>
> * The definition from 57c5df13eca4 are missing in both jammy
> and focal, but shouldn't harm.
>
> * The change in 1e2aa46de526 only uses uv_call_sched instead
> of just uv_call, which should lead to a snappier system
> under high load, but may consume overall some more cycles.
>
> * With f0a1a0615a6f the uv_call_sched cannot simply replace
> uv_call, due to locks being held.
>
> * Instead __uv_call is replacing uv_call, which does not loop.
>
> * But due to these changes of the (uv) calls,
> - in case erroneous - they may lead to wrong states,
> and even broken ultravisor calls
> and with that broken secure execution (SE).
>
> * As a side effect the uv might no longer loop over all pages,
> and in worst case leaving some unprotected.
>
> * All this is s390x-only functionality,
> that is only available on IBM z15 / LinuxONE III systems and newer,
> and only is the optional feature 'FC 115' in place,
> which is limited to 'secure-execution' workloads.
>
> [Other Info]
>
> * Patches are upstream accepted with kernel 5.16.
>
> * Commit 1e2aa46de526 is already included in jammy
> but 57c5df13eca4 and f0a1a0615a6f are missing.
>
> * Focal requires all 3 commits 57c5df13eca4, 1e2aa46de526 and f0a1a0615a6f.
>
> * Since impish is very close to it's EOL, it's not covered by this SRU.
>
> Claudio Imbrenda (3):
> KVM: s390: pv: add macros for UVC CC values
> KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
> KVM: s390: pv: avoid stalls when making pages secure
>
> arch/s390/include/asm/uv.h | 5 +++++
> arch/s390/kernel/uv.c | 29 +++++++++++++++++++++++------
> arch/s390/kvm/intercept.c | 5 +++++
> arch/s390/kvm/pv.c | 2 +-
> 4 files changed, 34 insertions(+), 7 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list