APPLIED: [SRU][F][PULL v2] KVM: Enable storage key checking for intercepted instruction

Stefan Bader stefan.bader at canonical.com
Wed Mar 16 14:32:34 UTC 2022


On 08.03.22 07:31, frank.heimes at canonical.com wrote:
> BugLink: https://bugs.launchpad.net/bugs/1962831
> 
> KVM uses lazy storage key enablement as Linux does no longer make use of the
> storage keys. When the guest enters keyed mode, then KVM will save/restore the
> key during paging, provide change/reference tracking for guest and host and
> for all interpreted instructions will do key protection.
> If an instruction is intercepted and passed along to userspace (like QEMU) no
> storage key protection is checked, though. This is in violation of the
> architecture and it can result in misbehaving guests that rely on key
> protection for all instructions.
> This item will add the missing key checking to MEMOP ioctl.
> 
> v2: Moved backport notes from LP bug to commits. Removed obsolete 'From:' lines.
> 
> ---
> 
> The following changes since commit dbdbd581976f9dfcc9e21a777273b55bdb9bf138:
> 
>    UBUNTU: Ubuntu-5.4.0-102.115 (2022-02-23 15:32:05 +0100)
> 
> are available in the Git repository at:
> 
>    https://git.launchpad.net/~fheimes/+git/lp1962831/ dad556895abcce390a1310ff41b353d9e58cca73
> 
> for you to fetch changes up to dad556895abcce390a1310ff41b353d9e58cca73:
> 
>    KVM: s390: Add missing vm MEM_OP size check (2022-03-07 20:53:28 +0100)
> 
> ----------------------------------------------------------------
> Emanuele Giuseppe Esposito (1):
>        selftests: kvm: add _vm_ioctl
> 
> Heiko Carstens (1):
>        s390/uaccess: fix compile error
> 
> Janis Schoetterl-Glausch (14):
>        KVM: s390: gaccess: Refactor gpa and length calculation
>        KVM: s390: gaccess: Refactor access address range check
>        KVM: s390: gaccess: Cleanup access to guest pages
>        s390/uaccess: Add copy_from/to_user_key functions
>        KVM: s390: Honor storage keys when accessing guest memory
>        KVM: s390: handle_tprot: Honor storage keys
>        KVM: s390: selftests: Test TEST PROTECTION emulation
>        KVM: s390: Add optional storage key checking to MEMOP IOCTL
>        KVM: s390: Add vm IOCTL for key checked guest absolute memory access
>        KVM: s390: Rename existing vcpu memop functions
>        KVM: s390: Add capability for storage key extension of MEM_OP IOCTL
>        KVM: s390: Update api documentation for memop ioctl
>        KVM: s390: Clarify key argument for MEM_OP in api docs
>        KVM: s390: Add missing vm MEM_OP size check
> 
> Nico Boehr (1):
>        s390/uaccess: introduce bit field for OAC specifier
> 
> Sean Christopherson (1):
>        KVM: selftests: Add GUEST_ASSERT variants to pass values to host
> 
> Wainer dos Santos Moschetta (1):
>        selftests: kvm: Introduce the TEST_FAIL macro
> 
>   Documentation/virt/kvm/api.txt                  | 127 ++++++--
>   arch/s390/include/asm/ctl_reg.h                 |   2 +
>   arch/s390/include/asm/page.h                    |   2 +
>   arch/s390/include/asm/uaccess.h                 | 144 ++++++---
>   arch/s390/kvm/gaccess.c                         | 408 +++++++++++++++++++-----
>   arch/s390/kvm/gaccess.h                         |  84 ++++-
>   arch/s390/kvm/intercept.c                       |  12 +-
>   arch/s390/kvm/kvm-s390.c                        | 132 ++++++--
>   arch/s390/kvm/priv.c                            |  66 ++--
>   arch/s390/lib/uaccess.c                         | 108 +++++--
>   include/uapi/linux/kvm.h                        |  11 +-
>   tools/testing/selftests/kvm/.gitignore          |   1 +
>   tools/testing/selftests/kvm/Makefile            |   1 +
>   tools/testing/selftests/kvm/include/kvm_util.h  |  26 +-
>   tools/testing/selftests/kvm/include/test_util.h |   3 +
>   tools/testing/selftests/kvm/lib/kvm_util.c      |   7 +-
>   tools/testing/selftests/kvm/s390x/tprot.c       | 228 +++++++++++++
>   17 files changed, 1114 insertions(+), 248 deletions(-)
>   create mode 100644 tools/testing/selftests/kvm/s390x/tprot.c
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220316/9fa34537/attachment-0001.sig>


More information about the kernel-team mailing list