[SRU][F][PULL] KVM: Enable storage key checking for intercepted instruction

frank.heimes at canonical.com frank.heimes at canonical.com
Fri Mar 4 11:31:39 UTC 2022

BugLink: https://bugs.launchpad.net/bugs/1962831

KVM uses lazy storage key enablement as Linux does no longer make use of the
storage keys. When the guest enters keyed mode, then KVM will save/restore the
key during paging, provide change/reference tracking for guest and host and
for all interpreted instructions will do key protection.
If an instruction is intercepted and passed along to userspace (like QEMU) no
storage key protection is checked, though. This is in violation of the
architecture and it can result in misbehaving guests that rely on key
protection for all instructions.
This item will add the missing key checking to MEMOP ioctl.


The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:

  UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)

are available in the Git repository at:

  https://git.launchpad.net/~fheimes/+git/lp1962831/ 16c0809cf1012e68279a8936a482c1d63cc4d14c

for you to fetch changes up to 16c0809cf1012e68279a8936a482c1d63cc4d14c:

  KVM: s390: Add missing vm MEM_OP size check (2022-03-03 22:45:50 +0100)

Emanuele Giuseppe Esposito (1):
      selftests: kvm: add _vm_ioctl

Heiko Carstens (1):
      s390/uaccess: fix compile error

Janis Schoetterl-Glausch (14):
      KVM: s390: gaccess: Refactor gpa and length calculation
      KVM: s390: gaccess: Refactor access address range check
      KVM: s390: gaccess: Cleanup access to guest pages
      s390/uaccess: Add copy_from/to_user_key functions
      KVM: s390: Honor storage keys when accessing guest memory
      KVM: s390: handle_tprot: Honor storage keys
      KVM: s390: selftests: Test TEST PROTECTION emulation
      KVM: s390: Add optional storage key checking to MEMOP IOCTL
      KVM: s390: Add vm IOCTL for key checked guest absolute memory access
      KVM: s390: Rename existing vcpu memop functions
      KVM: s390: Add capability for storage key extension of MEM_OP IOCTL
      KVM: s390: Update api documentation for memop ioctl
      KVM: s390: Clarify key argument for MEM_OP in api docs
      KVM: s390: Add missing vm MEM_OP size check

Nico Boehr (1):
      s390/uaccess: introduce bit field for OAC specifier

Sean Christopherson (1):
      KVM: selftests: Add GUEST_ASSERT variants to pass values to host

Wainer dos Santos Moschetta (1):
      selftests: kvm: Introduce the TEST_FAIL macro

 Documentation/virt/kvm/api.txt                  | 127 ++++++--
 arch/s390/include/asm/ctl_reg.h                 |   2 +
 arch/s390/include/asm/page.h                    |   2 +
 arch/s390/include/asm/uaccess.h                 | 144 ++++++---
 arch/s390/kvm/gaccess.c                         | 408 +++++++++++++++++++-----
 arch/s390/kvm/gaccess.h                         |  84 ++++-
 arch/s390/kvm/intercept.c                       |  12 +-
 arch/s390/kvm/kvm-s390.c                        | 132 ++++++--
 arch/s390/kvm/priv.c                            |  66 ++--
 arch/s390/lib/uaccess.c                         | 108 +++++--
 include/uapi/linux/kvm.h                        |  11 +-
 tools/testing/selftests/kvm/.gitignore          |   1 +
 tools/testing/selftests/kvm/Makefile            |   1 +
 tools/testing/selftests/kvm/include/kvm_util.h  |  26 +-
 tools/testing/selftests/kvm/include/test_util.h |   3 +
 tools/testing/selftests/kvm/lib/kvm_util.c      |   7 +-
 tools/testing/selftests/kvm/s390x/tprot.c       | 228 +++++++++++++
 17 files changed, 1114 insertions(+), 248 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/s390x/tprot.c

More information about the kernel-team mailing list