[SRU][F][PULL] KVM: Enable storage key checking for intercepted instruction
frank.heimes at canonical.com
frank.heimes at canonical.com
Fri Mar 4 11:31:39 UTC 2022
BugLink: https://bugs.launchpad.net/bugs/1962831
KVM uses lazy storage key enablement as Linux does no longer make use of the
storage keys. When the guest enters keyed mode, then KVM will save/restore the
key during paging, provide change/reference tracking for guest and host and
for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no
storage key protection is checked, though. This is in violation of the
architecture and it can result in misbehaving guests that rely on key
protection for all instructions.
This item will add the missing key checking to MEMOP ioctl.
---
The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:
UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)
are available in the Git repository at:
https://git.launchpad.net/~fheimes/+git/lp1962831/ 16c0809cf1012e68279a8936a482c1d63cc4d14c
for you to fetch changes up to 16c0809cf1012e68279a8936a482c1d63cc4d14c:
KVM: s390: Add missing vm MEM_OP size check (2022-03-03 22:45:50 +0100)
----------------------------------------------------------------
Emanuele Giuseppe Esposito (1):
selftests: kvm: add _vm_ioctl
Heiko Carstens (1):
s390/uaccess: fix compile error
Janis Schoetterl-Glausch (14):
KVM: s390: gaccess: Refactor gpa and length calculation
KVM: s390: gaccess: Refactor access address range check
KVM: s390: gaccess: Cleanup access to guest pages
s390/uaccess: Add copy_from/to_user_key functions
KVM: s390: Honor storage keys when accessing guest memory
KVM: s390: handle_tprot: Honor storage keys
KVM: s390: selftests: Test TEST PROTECTION emulation
KVM: s390: Add optional storage key checking to MEMOP IOCTL
KVM: s390: Add vm IOCTL for key checked guest absolute memory access
KVM: s390: Rename existing vcpu memop functions
KVM: s390: Add capability for storage key extension of MEM_OP IOCTL
KVM: s390: Update api documentation for memop ioctl
KVM: s390: Clarify key argument for MEM_OP in api docs
KVM: s390: Add missing vm MEM_OP size check
Nico Boehr (1):
s390/uaccess: introduce bit field for OAC specifier
Sean Christopherson (1):
KVM: selftests: Add GUEST_ASSERT variants to pass values to host
Wainer dos Santos Moschetta (1):
selftests: kvm: Introduce the TEST_FAIL macro
Documentation/virt/kvm/api.txt | 127 ++++++--
arch/s390/include/asm/ctl_reg.h | 2 +
arch/s390/include/asm/page.h | 2 +
arch/s390/include/asm/uaccess.h | 144 ++++++---
arch/s390/kvm/gaccess.c | 408 +++++++++++++++++++-----
arch/s390/kvm/gaccess.h | 84 ++++-
arch/s390/kvm/intercept.c | 12 +-
arch/s390/kvm/kvm-s390.c | 132 ++++++--
arch/s390/kvm/priv.c | 66 ++--
arch/s390/lib/uaccess.c | 108 +++++--
include/uapi/linux/kvm.h | 11 +-
tools/testing/selftests/kvm/.gitignore | 1 +
tools/testing/selftests/kvm/Makefile | 1 +
tools/testing/selftests/kvm/include/kvm_util.h | 26 +-
tools/testing/selftests/kvm/include/test_util.h | 3 +
tools/testing/selftests/kvm/lib/kvm_util.c | 7 +-
tools/testing/selftests/kvm/s390x/tprot.c | 228 +++++++++++++
17 files changed, 1114 insertions(+), 248 deletions(-)
create mode 100644 tools/testing/selftests/kvm/s390x/tprot.c
More information about the kernel-team
mailing list